
Topic: [Bounty] Fix this php code for me .5 btc (Read 11961 times)

sr. member
Activity: 448
Merit: 250
September 06, 2012, 10:48:34 PM
#39
For the love of god, turn this off of a live server right now.  It's like a poster child for an SQL injection exploit.  Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query.  mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error.  Give a generic message and log the error somewhere that is not open to the public.


but PDO would be over his head obviously, so can't really help him

I don't want to hear nothing after that horrible website you posted the other day and you call yourself a pro lol. I'm a straight noob at coding and my shit looks 10 times better than yours. Bet everyone wishes they could use one page email forms.


This is going nowhere, time to lock...
hero member
Activity: 812
Merit: 1000
September 06, 2012, 10:47:37 PM
#38
For the love of god, turn this off of a live server right now.  It's like a poster child for an SQL injection exploit.  Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query.  mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error.  Give a generic message and log the error somewhere that is not open to the public.


financial website
+
$5 dev budget
+
source posted on public forum

what could possibly go wrong?
sr. member
Activity: 448
Merit: 250
September 06, 2012, 10:45:27 PM
#37
For the love of god, turn this off of a live server right now.  It's like a poster child for an SQL injection exploit.  Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query.  mysql_real_escape_string() is not enough.



Figured double salt would stop that but I don't know much about coding, this is my first shot lol. Have a friend who does site security, going to get him to give it a go-over when I'm all done
legendary
Activity: 1498
Merit: 1000
September 06, 2012, 10:45:06 PM
#36
For the love of god, turn this off of a live server right now.  It's like a poster child for an SQL injection exploit.  Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query.  mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error.  Give a generic message and log the error somewhere that is not open to the public.


but PDO would be over his head obviously, so can't really help him
sr. member
Activity: 448
Merit: 250
September 06, 2012, 10:42:01 PM
#35
Sent. You're right lol, it just shows my login name and email... it's got to be something in that line then
legendary
Activity: 1260
Merit: 1000
September 06, 2012, 10:41:35 PM
#34
For the love of god, turn this off of a live server right now.  It's like a poster child for an SQL injection exploit.  Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query.  mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error.  Give a generic message and log the error somewhere that is not open to the public.
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 10:39:23 PM
#33
I figured it out on my own.... But dree, for all your help I would like to pay you, and also ask if you would be willing to help me with code as needed; of course you will be paid. What's the address? The code that needed to be changed was..... drum roll

Code:
$result=mysql_query("SELECT * FROM users WHERE username='$username'");

To

Code:
$result=mysql_query("SELECT * FROM `users` LIMIT 0, 30 ");
I don't think this does what you think it does. This happens to work with only one user, but if the number of users increases, then there will be a problem.

My address is 16GF23SM6mprHQt55Acav2d2NhzrM5obYF. I will divide the amount up to the others who have helped appropriately.
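
Added example, not part of any post in the thread: it puts the advice from post #34 (bind the value instead of building the query string, log the database error and show a generic message) next to the `LIMIT 0, 30` replacement query, to show why the latter returns the same row for every visitor. It assumes PHP 7.1+ with pdo_sqlite; an in-memory SQLite table stands in for the MySQL `users` table, and `open_db`, `find_user`, `find_user_limit` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+ with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL `users` table.
function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)");
    // Constructed sample rows.
    $pdo->exec("INSERT INTO users VALUES ('username2', 'u2@example.test')");
    $pdo->exec("INSERT INTO users VALUES ('o''brien', 'ob@example.test')");
    return $pdo;
}

// Bound parameter: the value never becomes part of the SQL text.
function find_user(PDO $pdo, string $username): ?array {
    try {
        $stmt = $pdo->prepare('SELECT username, email FROM users WHERE username = :u');
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Driver detail goes to the server log; the visitor gets a generic message.
        error_log('[user lookup] ' . $e->getMessage());
        throw new RuntimeException('Something went wrong. Please try again later.');
    }
}

// The replacement query from post #32: no WHERE clause, so the first row wins.
function find_user_limit(PDO $pdo): array {
    return $pdo->query('SELECT username, email FROM users LIMIT 0, 30')
               ->fetch(PDO::FETCH_ASSOC);
}

$pdo = open_db();
foreach (["username2", "o'brien", "nobody"] as $name) {
    $own   = find_user($pdo, $name);
    $first = find_user_limit($pdo);
    printf("%-10s bound lookup: %-16s LIMIT query: %s\n",
        $name, $own['email'] ?? '(no such user)', $first['email']);
}

// The interpolated form from the thread: a quote in the input changes the SQL.
$name = "o'brien";
try {
    $pdo->query("SELECT * FROM users WHERE username='$name'");
} catch (PDOException $e) {
    echo "interpolated query failed to parse\n";
}
```

The `LIMIT` column prints the same e-mail on every line, including for a username that does not exist, which is the problem post #33 points out.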
sr. member
Activity: 448
Merit: 250
September 06, 2012, 10:35:31 PM
#32
I figured it out on my own.... But dree, for all your help I would like to pay you, and also ask if you would be willing to help me with code as needed; of course you will be paid. What's the address? The code that needed to be changed was..... drum roll

Code:
$result=mysql_query("SELECT * FROM users WHERE username='$username'");

To

Code:
$result=mysql_query("SELECT * FROM `users` LIMIT 0, 30 ");
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 10:22:54 PM
#31
Okay, the hunt for the meta refresh is really going nowhere. Keep looking for it, and remove it when you find it. Meanwhile, a workaround is to keep the user logged in.

At the top of the page:
<?php
// Start or resume a session
session_start();
?>

In the "Login successful" area of the code:
<?php
$con=mysql_connect('localhost', '', '') or die('Could not connect: '.mysql_error());
mysql_select_db("", $con);
// If we have a login active, assume authentication
if (isset($_SESSION['username'])) $username = $_SESSION['username'];
// Otherwise, we will authenticate the password
else {
  $username=$_POST['username'];
  $username=mysql_real_escape_string($username);
  // PUT YOUR PASSWORD AUTHENTICATION HERE
  $_SESSION['username'] = $username;
}

// Now, we display the email and username as requested
$result=mysql_query("SELECT * FROM users WHERE username='$username'");
$row=mysql_fetch_array($result);
echo "Email: ".$row['email']."\n";
echo "Username: ".$row['username'];

// Finally, close our connection
mysql_close ($con);
?>
sr. member
Activity: 448
Merit: 250
September 06, 2012, 10:11:33 PM
#30
config
Code:
<?php
/*
 * Config Include
 *
 * Used to write config information into a static var to be
 * used anywhere
 */

/*
 * Get the Config class
 */
require_once('config.class.php');

/*
 * Write settings to the config
 */
Config::write('hostname', 'l');
Config::write('database', '');
Config::write('username', '');
Config::write('password', '');
Config::write('drivers', array(PDO::ATTR_PERSISTENT => true));



Config::write('hash', 'sha512'); /* Once set DO NOT CHANGE (sha512/bcrypt) */

Config::write('bcryptRounds', '12');

Config::write('remember', true);

Config::write('captcha', true);


Config::write('email_template', 'Default');
Config::write('email_master', '[email protected]');
Config::write('email_welcome', false);
Config::write('email_verification', true);
?>

database
Code:
<?php
/*
 * Database Class
 *
 * Handles all the connections via PDO
 */
class database {
    /*
     * @var $pdo A reference to the PDO instance;
     *  Also used for connections via PDO.
     */
    public $pdo = null;

    /*
     * @var $statement Used to contain query for prepared statements;
     *  Also used for value binding & execution
     */
    public $statement = null;

    /*
     * Database Constructor
     *
     * This method is used to create a new database object with a connection to a database
     */
    public function __construct() {
        /* Try the connection */
        try {
            /* Create a connection with the supplied values */
            $this->pdo = new PDO("mysql:host=" . Config::read('hostname') . ";dbname=" . Config::read('database') . "", Config::read('username'), Config::read('password'), Config::read('drivers'));
        } catch(PDOException $e) {
            /* If any errors echo them out and kill the script */
            print "[DATABASE] Error - Connection Failed: " . $e->getMessage() . "\n";
            die();
        }
    }

    /*
     * Database Query
     *
     * This method is used to create a new database prepared query
     *
     * @param string $query The prepared statement query to the database
     * @param array|string $bind All the variables to bind to the prepared statement
     * @return return the executed string
     */
    public function query($query, $bind = null, $fetch = 'FETCH_ASSOC') {
        /* Prepare the query statement */
        $this->statement = $this->pdo->prepare($query);
        /* Bind each value supplied from $bind */
        if($bind != null) {
            foreach($bind as $select => $value) {
                /* For each type of value give the appropriate param */
                if(is_int($value)) {
                    $param = PDO::PARAM_INT;
                } elseif(is_bool($value)) {
                    $param = PDO::PARAM_BOOL;
                } elseif(is_null($value)) {
                    $param = PDO::PARAM_NULL;
                } elseif(is_string($value)) {
                    $param = PDO::PARAM_STR;
                } else {
                    $param = FALSE;
                }
                /* Bind value (strict check: PDO::PARAM_NULL is 0 and must still be bound) */
                if($param !== FALSE) {
                    $this->statement->bindValue($select, $value, $param);
                }
            }
        }
        /* Execute Query & check for any errors */
        if(!$this->statement->execute()){
            $result = array(
                'false',
                '[DATABASE] Error - Query: There was an error in sql syntax',
            );
            return $result;
        }
        /* Return all content */
        if($fetch == 'FETCH_ASSOC') {
            $result = $this->statement->fetch(PDO::FETCH_ASSOC);
        } elseif($fetch == 'FETCH_BOTH') {
            $result = $this->statement->fetch(PDO::FETCH_BOTH);
        } elseif($fetch == 'FETCH_LAZY') {
            $result = $this->statement->fetch(PDO::FETCH_LAZY);
        } elseif($fetch == 'FETCH_OBJ') {
            $result = $this->statement->fetch(PDO::FETCH_OBJ);
        } elseif($fetch == 'fetchAll') {
            $result = $this->statement->fetchAll();
        }
        return $result;
    }
}
?>

The member one is empty
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 10:07:38 PM
#29
Code:
<?php
/*
**********
Member Page
**********
*/
/* Include Class */
require_once('config.inc.php');
require_once("database.class.php");
require_once("member.class.php");
/* Start an instance of the Database Class */
$database = new database();
/* Create an instance of the Member Class */
$member = new member();
?>


This is what is in there lol, I checked config, member and I'm pretty sure it's not in the db one
It's most likely in there somewhere, as it is before the doctype. It'd be helpful if you post the three included files.
sr. member
Activity: 448
Merit: 250
September 06, 2012, 10:03:32 PM
#28
Code:
<?php
/*
**********
Member Page
**********
*/
/* Include Class */
require_once('config.inc.php');
require_once("database.class.php");
require_once("member.class.php");
/* Start an instance of the Database Class */
$database = new database();
/* Create an instance of the Member Class */
$member = new member();
?>


This is what is in there lol, I checked config, member and I'm pretty sure it's not in the db one
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 10:00:50 PM
#27
I promise you that tag is not in my code that I can see. Is there some way it would be hidden in there?

Could you post "assets/member.inc.php"?
sr. member
Activity: 448
Merit: 250
September 06, 2012, 09:59:32 PM
#26
I promise you that tag is not in my code that I can see. Is there some way it would be hidden in there?
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 09:53:35 PM
#25
Don't even see that in the code lol

Here is the browser-side code:

Code:



Login






Authentication Success

RegisterRecover Password




Email: [email protected]
Username: username2



Login Successful

Click here to logout!





Right before the DOCTYPE, is a meta refresh tag. Remove that.
sr. member
Activity: 448
Merit: 250
September 06, 2012, 09:52:01 PM
#24
Don't even see that in the code lol
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 09:49:34 PM
#23
Since we are getting nowhere, I guess I should let you guys see what is happening lol.

http://www.bitcoininvestorscreditunion.com/member.php
Username is   username2
password is   password


watch as it switches you will see how it displays it then vanishes
Code:

Get rid of this.
sr. member
Activity: 448
Merit: 250
September 06, 2012, 09:47:28 PM
#22
Since we are getting nowhere, I guess I should let you guys see what is happening lol.

http://www.bitcoininvestorscreditunion.com/member.php
Username is   username2
password is   password


watch as it switches you will see how it displays it then vanishes
hero member
Activity: 812
Merit: 1000
September 06, 2012, 09:41:05 PM
#21
fixed all that payb.tc said to no avail lol, came from all the cutting and pasting trying to fix this dang thing

yeah, i didn't say to remove , you thought of that all by yourself
legendary
Activity: 1246
Merit: 1076
September 06, 2012, 09:36:58 PM
#20
Update on what the code looks like so far


Code:
?>



<?php echo $title; ?>

<?php echo $content?>

<?php
$username=$_POST['username'];
$username=mysql_real_escape_string($username);
$result=mysql_query("SELECT * FROM users WHERE username='$username'");
$row=mysql_fetch_array($result);
echo "Email: ".$row['email']."\n";
echo "Username: ".$row['username'];
mysql_close ($con);
?>





Login Successful

Click here to logout!




Do the following:
  • Remove ?> at the beginning of the code.
  • Add "" after    
  • Add "
" after
  • Add "

    " after the

  • you just added.
  • Remove the first "", located right after the

    .
  • Put back the "$con=mysql_connect('localhost', '', '');
    if (!$con) { die('Could not connect: '.mysql_error()); }
    mysql_select_db("", $con);".

  • The code should look like this:

    Code:



    <?php echo $title; ?>

    <?php echo $content?>

    <?php
    $con=mysql_connect('localhost', '', '') or die('Could not connect: '.mysql_error());
    mysql_select_db("", $con);
    $username=$_POST['username'];
    $username=mysql_real_escape_string($username);
    $result=mysql_query("SELECT * FROM users WHERE username='$username'");
    $row=mysql_fetch_array($result);
    echo "Email: ".$row['email']."\n";
    echo "Username: ".$row['username'];
    mysql_close ($con);
    ?>



    Login Successful

    Click here to logout!



