Originally posted by GalaxyOF
Take a look at this LOGIN.PHP form:

code:
<div id="left_wrapper">
  <div class="header">
    <h2><span><?php echo CMS_SERV_NAME; ?> //</span> LOGIN</h2>
  </div>
  <div id="post_wrapper">
    <div id="body">
<?php
if(!$login) {
    $form = true;
    if(isset($_POST['userbox'])) {
        $user = $_POST['userbox'];
        mysql_real_escape_string($userbox)
        $pw = $_POST['password'];
        mysql_real_escape_string($password)
        $sql = "SELECT dwUserID FROM TGLOBAL_GSP.dbo.TACCOUNT WHERE szUserID = ? AND szPasswd = '$pw'";
        $stmt = odbc_prepare($gcon, $sql);
        odbc_execute($stmt, array($user, $pw));
        if(odbc_num_rows($stmt) === 1) {
            echo '
You have successfully logged in!
If the automatic redirect doesn&apos;t work, click here.</p>';
            echo '<meta http-equiv="refresh" content="3; URL=./user_cp.php">';
            $_SESSION['user'] = $user;
            $form = false;
        } else {
            echo '
You have entered wrong username or password!</p>';
        }
    }
    if($form) {
        echo' <form action="login.php" method="post">
  <label>Name (required)</label> <input type="text" name="userbox" id="userbox" />
  <label>Password (required)</label> <input type="password" name="password" id="password" />
  <div class="form_submit"><input type="submit" value="Login" class="read_more2" /></div>
</form>';
    }
} else {
    echo '
You cannot log in when you are already logged in.
&raquo; Back to Homepage</p>';
}
?>
    </div>
    <div class="clear"></div>
  </div>
</div>
<div id="right_wrapper">
  <div id="search">
    <input type="text" onblur="if(this.value =='') this.value='search'" onfocus="if (this.value == 'search') this.value=''" value="search" name="s" class="required" id="s" />
    <input type="button" />
  </div>
  <div class="categories">
    <div class="header">Menu</div>
    <ul>
      <li>Home</li>
      <li>Register</li>
      <li>Rules</li>
    </ul>
  </div>
</div>
<div class="bottom_shadow"></div>
Did I add the anti-SQL protection correctly?
Look at this other one, register.php: did I add it correctly here?

code:
<div id="left_wrapper">
  <div class="header">
    <h2><span><?php echo CMS_SERV_NAME; ?> //</span> Register</h2>
  </div>
  <div id="post_wrapper">
    <div id="body">
<?php
if(!$login) {
    $form = true;
    /*if(isset($_GET['v'])) {
        $vCode = $_GET['v'];
        $vCode = mysql_real_escape_string($vCode);
        if(!CheckSQL($vCode)) {
            echo '<meta http-equiv="refresh" content="0; url=index.php">';
            exit();
        }
        $sql0 = "SELECT name, passwd, mail FROM user_verify WHERE eCode = '".$vCode."'";
        $q0 = mysql_query($sql0);
        if(mysql_num_rows($q0) != 0) {
            $dat0 = mysql_fetch_assoc($q0);
            $uName = $dat0['name'];
            mysql_real_escape_string($name)
            $uPW = $dat0['passwd'];
            mysql_real_escape_string($passwd)
            $uMail = $dat0['mail'];
            mysql_real_escape_string($mail)
            $sql0 = "DELETE FROM user_verify WHERE eCode = '".$vCode."'";
            $q0 = mysql_query($sql0);
            $sql0 = "SELECT MAX(dwUserID) AS Result FROM TGLOBAL_GSP.dbo.TACCOUNT";
            $q0 = odbc_exec($gcon, $sql0);
            $count0 = odbc_fetch_array($q0);
            $count = $count0['Result'];
            mysql_real_escape_string($Result)
            $date = date("Y-m-d H:i:s");
            $sql = "INSERT INTO TGLOBAL_GSP.dbo.TACCOUNT(dwUserID, szUserID, szPasswd, bCheck, dFirstLogin, szMail) VALUES($count + 1, '".$uName."', '".$uPW."', '1', {ts'".$date."'}, '".$uMail."')";
            $q = odbc_exec($gcon, $sql);
            echo '
Your account has been created! You can login now!
&raquo; Login</p>';
            $form = false;
        } else {
            echo '
Please enter again the reCaptcha Code!
&raquo; Registration</p>';
            $form = false;
        }
    }*/
    if(isset($_POST['userbox'])) {
        $user = $_POST['userbox'];
        mysql_real_escape_string($userbox)
        $mail = $_POST['email'];
        mysql_real_escape_string($email)
        $pw = $_POST['password'];
        mysql_real_escape_string($password)
        $pw2 = $_POST['password2'];
        mysql_real_escape_string($password2)
        require_once('includes/recaptchalib.php');
        $resp = recaptcha_check_answer (CMS_PRKEY, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
        $user = mysql_real_escape_string($user);
        $mail = mysql_real_escape_string($mail);
        //$verifyCode = md5(sha1(sha1($user) . $mail . rand(0, 999) . sha1($mail . $user) . md5(sha1($mail . rand(0, 999)) . $pw)));
        if(check_mail($mail) && $pw == $pw2 && check_name($user) && strlen($user) < 21 && strlen($user) > 5 && $resp->is_valid) {
            $sql0 = "SELECT szUserID FROM TGLOBAL_GSP.dbo.TACCOUNT WHERE szUserID = ?";
            $stmt0 = odbc_prepare($gcon, $sql0);
            $re0 = odbc_execute($stmt0, array($user));
            $nFree = odbc_num_rows($stmt0);
            if($nFree == 0) {
                /*$sql = "INSERT INTO user_verify (Name, Passwd, Mail, eCode) VALUES ( '".$user."', '".$pw."', '".$mail."', '".$verifyCode."')";
                $q = mysql_query($sql);
                $title = 'Account Created';
                $msg = 'You have successfully registered on35.114.59.27:81/index.php\r\n Please click on the following link to complete the registration!\r\n\r\n http://37.114.59.27:81/register.php?v='.$verifyCode.'\r\n\r\nmfg The4thStory - Team';
                $header = 'From: noreply@domain.com';
                mail($mail, $title, $msg, $header);
                echo '
It has been sent to your email address to an confirmation email!
Please click on the registration link sent to your email to create the account. Please check also your Spam or Junked Files.

&raquo; Login</p>';*/
                $sql0 = "SELECT MAX(dwUserID) AS Result FROM TGLOBAL_GSP.dbo.TACCOUNT";
                $q0 = odbc_exec($gcon, $sql0) or die (odbc_error());
                $count0 = odbc_fetch_array($q0);
                $count = $count0['Result'];
                $date = date("Y-m-d H:i:s");
                $SuckThisEmail = $mail;
                $sql = "INSERT INTO TGLOBAL_GSP.dbo.TACCOUNT(dwUserID, szUserID, szPasswd, bCheck, dFirstLogin, dLastLogin, szMail) VALUES(? , ?, ?, '1', {ts'".$date."'}, {ts'".$date."'}, '$SuckThisEmail')";
                $stmt = odbc_prepare($gcon, $sql);
                odbc_execute($stmt, array($count + 1, $user, $pw, $mail));
                $password = $pw;
                $salt = getRandomID();
                $password_salted = getDoubleSaltedHash($password, $salt);
                $ip = $_SERVER['REMOTE_ADDR'];
                $sql1 = "INSERT INTO wcf.wcf1_user (`username`, `email`, `password`, `salt`, `languageID`, `registrationDate`, `styleID`, `activationCode`, `registrationIpAddress`, `lastLostPasswordRequest`, `reactivationCode`, `lastUsernameChange`, `quitStarted`, `banned`, `banReason`, `rankID`, `activityPoints`, `avatarID`, `disableAvatar`, `disableAvatarReason`, `profileHits`, `enableSignatureSmilies`, `enableSignatureHtml`, `enableSignatureBBCodes`, `disableSignature`, `disableSignatureReason`, `pmTotalCount`, `pmUnreadCount`, `pmOutstandingNotifications`, `userOnlineGroupID`) VALUE ('".$user."', '".$mail."', '".$password_salted."', '".$salt."', '2', '".time()."', '0', '0', '".$ip."', '0', '0', '0', '0', '0', '', '0', '0', '0', '0', '', '0', '1', '0', '1', '0', '', '0', '0', '0', '3')";
                $q1 = mysql_query($sql1);
                $sql0 = "SELECT userID FROM wcf.wcf1_user WHERE username = '".$user."'";
                $q0 = mysql_query($sql0) or die (mysql_error());
                $dat = mysql_fetch_assoc($q0);
                $userID = $dat['userID'];
                $sql00 = "INSERT INTO wcf.wcf1_user_to_groups (`userID`, `groupID`) VALUES ('".$userID."', '1')";
                $q00 = mysql_query($sql00);
                $sql00 = "INSERT INTO wcf.wcf1_user_to_groups (`userID`, `groupID`) VALUES ('".$userID."', '3')";
                $q00 = mysql_query($sql00);
                echo '
Your account has been sucessfuly created! You can now Login in the link below.
&raquo; Proceed to Login</p>';
                $form = false;
            } else {
                $error = 'This username is already taken!!';
            }
        } else {
            if(!check_mail($mail)) $error = 'The e-mail you entered is not valid!';
            if($pw != $pw2) $error = 'The passwords doesn&apos;t match!';
            if(!check_name($user) || strlen($user) > 20 || strlen($user) < 6) $error = 'The user name must not contain special characters and must be 6-20 characters long!';
            if(!$resp->is_valid) $error = 'The reCaptcha has not been solved properly!';
        }
    }
    if($form) {
        echo '<h4>Create Account</h4>';
        echo' <form action="register.php" method="post">
  <label>Name (*required)</label> <input type="text" name="userbox" id="userbox" />
  <label>E-mail (*required)</label> <input type="text" name="email" id="email" />
  <label>Password (*required)</label> <input type="password" name="password" id="password" />
  <label>Re-enter password (*required)</label> <input type="password" name="password2" id="password2" />

';
        require_once('includes/recaptchalib.php');
        echo recaptcha_get_html(CMS_PUKEY);
        echo '
<input type="submit" value="Submit and Create Account" class="read_more2" /> </form>';
        if(isset($error)) {
            echo '
'.$error.'</p>';
        }
    }
} else {
    echo '
You can&apos;t create an account, when you are logged in!
&raquo; Back to Homepage</p>';
}
?>
    </div>
    <div class="clear"></div>
  </div>
</div>
Do I have to put it only in register.php and login.php, or also in the other forms such as contact.php?
Basically, every time I see something like:
code:
$oldpw = $_POST['oldpw']
I have to put
code:
mysql_real_escape_string($oldpw)
Right or not?

Careful: the way you have put it makes no sense!

NO: $user = $_POST['userbox']; mysql_real_escape_string($userbox)

Either you do:

$user = $_POST['userbox'];
$user = mysql_real_escape_string($user);

or, more practical:
$user = mysql_real_escape_string($_POST['userbox']);

Remember the ";" at the end, I think some are missing!

Same for all of them!
Bye
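
Added example, not part of either post: it runs the three patterns discussed in this thread against the same input, namely an escape call whose result is discarded, one whose result is kept, and a query with a placeholder for every value. It assumes PHP with pdo_sqlite and uses an in-memory table as a stand-in for TACCOUNT, with `PDO::quote()` in the role of the escaping function; the function names and the sample row are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes PHP with pdo_sqlite; the
// in-memory table stands in for TACCOUNT and all function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE account (dwUserID INTEGER PRIMARY KEY, szUserID TEXT, szPasswd TEXT)");
// Constructed sample row; the name contains a quote on purpose.
$db->prepare("INSERT INTO account (szUserID, szPasswd) VALUES (?, ?)")
   ->execute(["O'Brien", 'constructed-sample']);

// Runs a string-built query and reports whether the SQL was still well-formed.
function run_built(PDO $db, string $sql): string {
    try {
        $n = count($db->query($sql)->fetchAll());
        return "ok, $n row(s)";
    } catch (PDOException $e) {
        return 'SQL broken by the input';
    }
}

// 1) Pattern from the first post: return value discarded, $user unchanged.
function lookup_discarded(PDO $db, string $input): string {
    $user = $input;
    $db->quote($user);                        // result thrown away: no effect
    return run_built($db, "SELECT dwUserID FROM account WHERE szUserID = '$user'");
}

// 2) Pattern from the reply: keep what the escaping function returns.
//    PDO::quote() also adds the surrounding quotes itself.
function lookup_assigned(PDO $db, string $input): string {
    $user = $db->quote($input);
    return run_built($db, "SELECT dwUserID FROM account WHERE szUserID = $user");
}

// 3) Placeholders for every value, none interpolated into the SQL text.
function login_bound(PDO $db, string $user, string $pw): bool {
    $stmt = $db->prepare("SELECT dwUserID FROM account WHERE szUserID = ? AND szPasswd = ?");
    $stmt->execute([$user, $pw]);
    return $stmt->fetchColumn() !== false;
}

var_dump(lookup_discarded($db, "O'Brien"));
var_dump(lookup_assigned($db, "O'Brien"));
var_dump(login_bound($db, "O'Brien", 'constructed-sample'));
var_dump(login_bound($db, "O'Brien", 'something-else'));
```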