[Bounty] Fix this php code for me .5 btc

BitcoinINV

sr. member

Activity: 448

Merit: 250

Quote from: gweedo on September 06, 2012, 10:45:06 PM

Quote from: Inaba on September 06, 2012, 10:41:35 PM

For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.

but PDO would be over his head obviously, so can't really help him

I don't want to here nothing after that horrible website you posted the other day and you call yourself a pro lol. I'm a straight noob at coding and my shit looks 10 times better then yours. Bet everyone wishes they could use one page email forms.

This is going no where time to lock...

payb.tc

hero member

Activity: 812

Merit: 1000

Quote from: Inaba on September 06, 2012, 10:41:35 PM

For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.

financial website
+
$5 dev budget
+
source posted on public forum

what could possibly go wrong? Cheesy

BitcoinINV

sr. member

Activity: 448

Merit: 250

Quote from: Inaba on September 06, 2012, 10:41:35 PM

For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.

Figured double salt would stop that but I don't know much about coding this is my first shot lol. Have a friend how does site security going to get him to give it a go over when Im all done

gweedo

legendary

Activity: 1498

Merit: 1000

Quote from: Inaba on September 06, 2012, 10:41:35 PM

For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.

but PDO would be over his head obviously, so can't really help him

BitcoinINV

sr. member

Activity: 448

Merit: 250

Sent your right lol it just shows my login name and email... its got to be something in that line then

Inaba

legendary

Activity: 1260

Merit: 1000

For the love of god, turn this off of a live server right now. It's like a poster child for an SQL injection exploit. Never. Ever. Ever. Ever. Ever. put raw, unsanitized data into your SQL query. mysql_real_escape_string() is not enough.

Also (and I'm guilty of this, I admit) do not die with the mysql_error. Give a generic message and log the error somewhere that is not open to the public.

dree12

legendary

Activity: 1246

Merit: 1076

Quote from: BitcoinINV on September 06, 2012, 10:35:31 PM

I figured it out on my own.... But dree for all your help I would like to pay you and also, ask if you would be willing to help me with code ass need of course you will be paid whats the address? The code that needed to be changed was..... drum roll

Code:

$result=mysql_query("SELECT * FROM users WHERE username='$username'");

To

Code:

$result=mysql_query("SELECT * FROM `users` LIMIT 0, 30 ");

I don't think this does what you think it does. This happens to work with only one user, but if the number of users increase, then there will be a problem.

My address is 16GF23SM6mprHQt55Acav2d2NhzrM5obYF. I will divide the amount up to the others who have helped appropriately.

BitcoinINV

sr. member

Activity: 448

Merit: 250

I figured it out on my own.... But dree for all your help I would like to pay you and also, ask if you would be willing to help me with code ass need of course you will be paid whats the address? The code that needed to be changed was..... drum roll

Code:

$result=mysql_query("SELECT * FROM users WHERE username='$username'");

To

Code:

$result=mysql_query("SELECT * FROM `users` LIMIT 0, 30 ");

dree12

legendary

Activity: 1246

Merit: 1076

Okay, the hunt for the meta refresh is really going nowhere. Keep looking for it, and remove it when you find it. Meanwhile, a workaround is to keep the user logged in.

At the top of the page:

// Start or resume a session
session_start();
?>

In the "Login successful" area of the code:

$con=mysql_connect('localhost', '', '') or die('Could not connect: '.mysql_error());
mysql_select_db("", $con);
// If we have a login active, assume authentication
if (isset($_SESSION['username'])) $username = $_SESSION['username'];
// Otherwise, we will authenticate the password
else {
  $username=$_POST['username'];
  $username=mysql_real_escape_string($username);
  // PUT YOUR PASSWORD AUTHENTICATION HERE
  $_SESSION['username'] = $username;
}

// Now, we display the email and username as requested
$result=mysql_query("SELECT * FROM users WHERE username='$username'");
$row=mysql_fetch_array($result);
echo "Email: ".$row['email']."
";
echo "Username: ".$row['username'];

// Finally, close our connection
mysql_close ($con);
?>

BitcoinINV

sr. member

Activity: 448

Merit: 250

config

Code:

?php
/*
 * Config Include
 * 
 * Used to write config information into a static var to be
 * used anywhere
 */

/*
 * Get the Config class
 */
require_once('config.class.php');

/*
 * Write settings to the config
 */
Config::write('hostname', 'l')
Config::write('database', '');
Config::write('username', '');
Config::write('password', '');
Config::write('drivers', array(PDO::ATTR_PERSISTENT => true));



Config::write('hash', 'sha512'); /* Once set DO NOT CHANGE (sha512/bcrypt) */

Config::write('bcryptRounds', '12');

Config::write('remember', true);

Config::write('captcha', true);


Config::write('email_template', 'Default');
Config::write('email_master', '[email protected]');
Config::write('email_welcome', false);
Config::write('email_verification', true);
?>

database

Code:

/*
 * Database Class
 * 
 * Handles all the connections via PDO
 */
class database {
	/*
	 * @var $pdo A reference to the PDO instance;
	 * 	Also used for connecions via PDO.
	 */
	public $pdo = null;
	
	/*
	 * @var $statement Used to contain query for prepared statments;
	 * 	Also used for value binding & execution
	 */
	public $statement = null;
	
	/*
	 * Database Constructor
	 * 
	 * This method is used to create a new database object with a connection to a datbase
	 */
	public function __construct() {
		/* Try the connections */
		try {
			/* Create a connections with the supplied values */
			$this->pdo = new PDO("mysql:host=" . Config::read('hostname') . ";dbname=" . Config::read('database') . "", Config::read('username'), Config::read('password'), Config::read('drivers'));
		} catch(PDOException $e) {
			/* If any errors echo the out and kill the script */
			print "[DATABASE] Error - Connection Failed: " . $e->getMessage() . "
";
			die();
		}
	}
	
	/*
	 * Database Query
	 * 
	 * This method is used to create a new database prepared query
	 * 
	 * @param string $query The prepared statement query to the database
	 * @param array|string $bind All the variables to bind to the prepared statement
	 * @return return the executed string
	 */
	public function query($query, $bind = null, $fetch = 'FETCH_ASSOC') {
		/* Prepare the query statement */
		$this->statement = $this->pdo->prepare($query);
		/* Bind each value supplied from $bind */
		if($bind != null) {
			foreach($bind as $select => $value) {
				/* For each type of value give the appropriate param */
				if(is_int($value)) {
					$param = PDO::PARAM_INT; 
				} elseif(is_bool($value)) {
					$param = PDO::PARAM_BOOL;
				} elseif(is_null($value)) {
					$param = PDO::PARAM_NULL;
				} elseif(is_string($value)) {
					$param = PDO::PARAM_STR;
				} else {
					$param = FALSE;
				}
				/* Bid value */
				if($param) {
					$this->statement->bindValue($select, $value, $param);
				}
			}
		}
		/* Execute Query & check for any errors */
		if(!$this->statement->execute()){
			$result = array(
				1 => 'false',
				2 => '[DATABASE] Error - Query: There was an error in sql syntax',
			);
			return $result;
		}
		/* Return all content */
		if($fetch == 'FETCH_ASSOC') {
			$result = $this->statement->fetch(PDO::FETCH_ASSOC);
		} elseif($fetch == 'FETCH_BOTH') {
			$result = $this->statement->fetch(PDO::FETCH_BOTH);
		} elseif($fetch == 'FETCH_LAZY') {
			$result = $this->statement->fetch(PDO::FETCH_LAZY);
		} elseif($fetch == 'FETCH_OBJ') {
			$result = $this->statement->fetch(PDO::FETCH_OBJ);
		} elseif($fetch == 'fetchAll') {
			$result = $this->statement->fetchAll();
		}
		return $result;
	}
}
?>

The member one is empty

dree12

legendary

Activity: 1246

Merit: 1076

Quote from: BitcoinINV on September 06, 2012, 10:03:32 PM

Code:

/*
**********
Member Page
**********
*/
/* Include Class */
require_once('config.inc.php');
require_once("database.class.php");
require_once("member.class.php");
/* Start an instance of the Database Class */
$database = new database();
/* Create an instance of the Member Class */
$member = new member();
?>

This is what is in there lol, I checked config, member and Im pretty sure its not in the db one

It's most likely in there somewhere, as it is before the doctype. It'd be helpful if you post the three included files.

BitcoinINV

sr. member

Activity: 448

Merit: 250

Code:

/*
**********
Member Page
**********
*/
/* Include Class */
require_once('config.inc.php');
require_once("database.class.php");
require_once("member.class.php");
/* Start an instance of the Database Class */
$database = new database();
/* Create an instance of the Member Class */
$member = new member();
?>

This is what is in there lol, I checked config, member and Im pretty sure its not in the db one

dree12

legendary

Activity: 1246

Merit: 1076

Quote from: BitcoinINV on September 06, 2012, 09:59:32 PM

I promise you that tag is not in my code that I can see. Is there some way it would be hidden in there?

Could you post "assets/member.inc.php"?

BitcoinINV

sr. member

Activity: 448

Merit: 250

I promise you that tag is not in my code that I can see. Is there some way it would be hidden in there?

dree12

legendary

Activity: 1246

Merit: 1076

Quote from: BitcoinINV on September 06, 2012, 09:52:01 PM

Don't even see that in the code lol

Here is the browser-side code:

Code:

Login

Authentication Success

Register • Recover Password

Email: [email protected]
Username: username2

Login Successful

Click here to logout!

Right before the DOCTYPE, is a meta refresh tag. Remove that.

BitcoinINV

sr. member

Activity: 448

Merit: 250

Don't even see that in the code lol

dree12

legendary

Activity: 1246

Merit: 1076

Quote from: BitcoinINV on September 06, 2012, 09:47:28 PM

Since We are getting no where I guess, I should let you guys see what is happening lol.

http://www.bitcoininvestorscreditunion.com/member.php
Username is username2
password is password

watch as it switches you will see how it displays it then vanishes

Code:

Get rid of this.

BitcoinINV

sr. member

Activity: 448

Merit: 250

Since We are getting no where I guess, I should let you guys see what is happening lol.

http://www.bitcoininvestorscreditunion.com/member.php
Username is username2
password is password

watch as it switches you will see how it displays it then vanishes

payb.tc

hero member

Activity: 812

Merit: 1000

Quote from: BitcoinINV on September 06, 2012, 09:31:46 PM

fixed all that payb.tc said with no avail lol, came from all the cuting and pasting trying to fix this dang thing

yeah, i didn't say to remove , you thought of that all by yourself Tongue

dree12

legendary

Activity: 1246

Merit: 1076

Quote from: BitcoinINV on September 06, 2012, 09:33:13 PM

Update on what the code looks like so far

Code:

?>



	<span style="color: #000000"><span style="color: #0000BB"><?php </span><span style="color: #007700">echo </span><span style="color: #0000BB">$title</span><span style="color: #007700">; </span><span style="color: #0000BB">?></span></span>
	
	




	echo $content; ?>

$username=$_POST['username'];
$username=mysql_real_escape_string($username);
$result=mysql_query("SELECT * FROM users WHERE username='$username'");
$row=mysql_fetch_array($result);
echo "Email: ".$row['email']."
";
echo "Username: ".$row['username'];
mysql_close ($con);
?>




Login Successful
Click here to logout!

Do the following:

Remove ?> at the beginning of the code.
Add "" after
Add "

" after

Add "

" after the

you just added.

Remove the first "", located right after the

.

Put back the "$con=mysql_connect('localhost', '', '');
if (!$con) { die('Could not connect: '.mysql_error()); }
mysql_select_db("", $con);".

The code should look like this:

Code:




	<span style="color: #000000"><span style="color: #0000BB"><?php </span><span style="color: #007700">echo </span><span style="color: #0000BB">$title</span><span style="color: #007700">; </span><span style="color: #0000BB">?></span></span>
	
	




	echo $content; ?>



$con=mysql_connect('localhost', '', '') or die('Could not connect: '.mysql_error());
mysql_select_db("", $con);
$username=$_POST['username'];
$username=mysql_real_escape_string($username);
$result=mysql_query("SELECT * FROM users WHERE username='$username'");
$row=mysql_fetch_array($result);
echo "Email: ".$row['email']."
";
echo "Username: ".$row['username'];
mysql_close ($con);
?>


Login Successful
Click here to logout!

Topic: [Bounty] Fix this php code for me .5 btc (Read 11961 times)