Saberman Posted August 18, 2009 Posted August 18, 2009 can some plase check this script and tell me if it is secure and if not which part need to be secure <?php include "globals.php"; if($ir['location'] > 1) { die("You cant use this feature while in a different city."); } print "<center><font size='4' face='Arial, Helvetica, sans-serif'>Your Properties</font><hr width=75%>"; switch($_GET['action']) { case 'sell': sell_house(); break; case 'market': market_house(); break; case 'give': send_house(); break; case 'move': move_house(); break; default: your_houses(); break; } function your_houses() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prOWNER={$userid} ORDER BY h.hPRICE ASC",$c); if ($db->num_rows($q) == 0) { print "You have no houses."; } else { print "<table width=60% cellspacing=1>"; while($r=$db->fetch_row($q)) { print "<tr>"; $dfi=$db->query("SELECT * FROM users WHERE userid={$r['prOWNER']}",$c); $tb=$db->fetch_row($dfi); print "<td valign='center'> [b]Property: [/b]{$r['hNAME']} [b]Owner: [/b][url='viewuser.php?u={$tb[']{$tb['username']}[/url] [b]Upkeep: [/b]\${$r['hTAX']} [b]Will: [/b]{$r['hWILL']}</td> <td align='center'> [[url='properties.php?action=move&ID={$r[']Move In[/url]] "; $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$r['prID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($r['hWILL'] != '100' && $tr == '0') { print " [[url='properties.php?action=market&ID={$r[']Market[/url]] [[url='properties.php?action=give&ID={$r[']Give[/url]] "; } $hprice=money_formatter($r['hPRICE']); print "</tr><tr><td height='10'></td></tr>"; } print "</table> "; } } function send_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } if($_POST['user']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($q)==0) { print " Invalid house ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $m=$db->query("SELECT * FROM users WHERE userid={$_POST['user']} LIMIT 1",$c); if($db->num_rows($m) == 0) { print " You are trying to send to an invalid user! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if (!$_GET['ID']) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $rm=$db->fetch_row($m); $db->query("UPDATE properties SET prOWNER={$_POST['user']} WHERE prID={$_GET['ID']}",$c); } print " You sent the {$r['hNAME']} to {$rm['username']}. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; event_add($_POST['user'],"You received the {$r['hNAME']} from [url='viewuser.php?u=$userid']{$ir['username']}[/url]",$c,'transfer'); } } else if($_GET['ID']) { $id=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($id)==0) { print " Invalid house ID. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if ($_GET['ID']==0) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($id); print " [b]Enter the ID of the user you want to give the {$r['hNAME']} to.[/b] <form action='properties.php?action=give&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' />User ID: <input type='text' name='user' value='' /> <input type='submit' value='Give House' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { print " Invalid use of file. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } function market_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } $_POST['price'] = abs((int) $_POST['price']); if($_POST['price']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $db->query("INSERT INTO propertymarket VALUES ('','$userid',{$_POST['price']},'{$r['hID']}')", $c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); print " House added to market. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { $q=$db->query("SELECT * FROM properties WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); print " Adding a house to the property market... <form action='properties.php?action=market&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> Price: <input type='text' name='price' value='0' /> <input type='submit' value='Add' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } } function move_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); $r=$db->fetch_row($q); if ($r['prOWNER'] != $ir['userid']) { print " This house does not belong to you. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $mpq=$db->query("SELECT * FROM houses WHERE hWILL={$ir['maxwill']}",$c); $mp=$db->fetch_row($mpq); print " You moved into your {$r['hNAME']}! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; $db->query("INSERT INTO `properties` (`prID`, `prOWNER`, `prHOUSE`) VALUES ('', '$userid', '{$mp['hID']}');",$c); $db->query("UPDATE users SET maxwill={$r['hWILL']},will=0 WHERE userid=$userid",$c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); } } $h->endpage(); ?>[/code Quote
furn355 Posted August 19, 2009 Posted August 19, 2009 Re: secure what have you done to secure the variables? Is it a question of "is this script secure" or i haven't really checked this script " can someone secure it for me?" Quote
Saberman Posted August 19, 2009 Author Posted August 19, 2009 Re: secure i ment is the script secure and if not what need to be secured Quote
Haunted Dawg Posted August 19, 2009 Posted August 19, 2009 Re: secure $m=$db->query("SELECT * FROM users WHERE userid={$_POST['user']} LIMIT 1",$c); Might wanna secure your post. $db->query("UPDATE properties SET prOWNER={$_POST['user']} WHERE prID={$_GET['ID']}",$c); Your get... $id=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); I don't think your $_GET['ID'] will be defined from before. Quote
Saberman Posted August 19, 2009 Author Posted August 19, 2009 Re: secure so will these be enough to secure those $_POST['user'] = abs((int) $_POST['user']); $_GET['ID'] = abs((int) $_GET['ID']); Quote
Saberman Posted August 19, 2009 Author Posted August 19, 2009 Re: secure i have secured the get and post is it is their anymore that could be secured <?php include "globals.php"; if($ir['location'] > 1) { die("You cant use this feature while in a different city."); } print "<center><font size='4' face='Arial, Helvetica, sans-serif'>Your Properties</font><hr width=75%>"; switch($_GET['action']) { case 'sell': sell_house(); break; case 'market': market_house(); break; case 'give': send_house(); break; case 'move': move_house(); break; default: your_houses(); break; } function your_houses() { global $db,$ir,$c,$userid,$h; $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prOWNER={$userid} ORDER BY h.hPRICE ASC",$c); if ($db->num_rows($q) == 0) { print "You have no houses."; } else { print "<table width=60% cellspacing=1>"; while($r=$db->fetch_row($q)) { print "<tr>"; $dfi=$db->query("SELECT * FROM users WHERE userid={$r['prOWNER']}",$c); $tb=$db->fetch_row($dfi); print "<td valign='center'> [b]Property: [/b]{$r['hNAME']} [b]Owner: [/b][url='viewuser.php?u={$tb[']{$tb['username']}[/url] [b]Upkeep: [/b]\${$r['hTAX']} [b]Will: [/b]{$r['hWILL']}</td> <td align='center'> [[url='properties.php?action=move&ID={$r[']Move In[/url]] "; $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$r['prID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($r['hWILL'] != '100' && $tr == '0') { print " [[url='properties.php?action=market&ID={$r[']Market[/url]] [[url='properties.php?action=give&ID={$r[']Give[/url]] "; } $hprice=money_formatter($r['hPRICE']); print "</tr><tr><td height='10'></td></tr>"; } print "</table> "; } } function send_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } if($_POST['user']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($q)==0) { print " Invalid house ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $_POST['user'] = abs((int) $_POST['user']); $m=$db->query("SELECT * FROM users WHERE userid={$_POST['user']} LIMIT 1",$c); if($db->num_rows($m) == 0) { print " You are trying to send to an invalid user! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if (!$_GET['ID']) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $rm=$db->fetch_row($m); $_POST['user'] = abs((int) $_POST['user']); $_GET['ID'] = abs((int) $_GET['ID']); $db->query("UPDATE properties SET prOWNER={$_POST['user']} WHERE prID={$_GET['ID']}",$c); } print " You sent the {$r['hNAME']} to {$rm['username']}. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; $_POST['user'] = abs((int) $_POST['user']); event_add($_POST['user'],"You received the {$r['hNAME']} from [url='viewuser.php?u=$userid']{$ir['username']}[/url]",$c,'transfer'); } } else if($_GET['ID']) { $_GET['ID'] = abs((int) $_GET['ID']); $id=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); if($db->num_rows($id)==0) { print " Invalid house ID. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else if ($_GET['ID']==0) { print " This user does not exist. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($id); print " [b]Enter the ID of the user you want to give the {$r['hNAME']} to.[/b] <form action='properties.php?action=give&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' />User ID: <input type='text' name='user' value='' /> <input type='submit' value='Give House' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { print " Invalid use of file. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } function market_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $yd=$db->query("SELECT * FROM rentals WHERE reRENTER=$userid AND rePID={$_GET['ID']}",$c); $zf=$db->fetch_row($yd); $tr=$db->num_rows($yd); if ($tr) { die (" This house has been rented! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%> "); } $_POST['price'] = abs((int) $_POST['price']); if($_POST['price']) { $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); $db->query("INSERT INTO propertymarket VALUES ('','$userid',{$_POST['price']},'{$r['hID']}')", $c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); print " House added to market. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } else { $q=$db->query("SELECT * FROM properties WHERE prID={$_GET['ID']} and prOWNER=$userid",$c); if($db->num_rows($q)==0) { print " Invalid House ID <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $r=$db->fetch_row($q); print " Adding a house to the property market... <form action='properties.php?action=market&ID={$_GET['ID']}' method='post'> <input type='hidden' name='ID' value='{$_GET['ID']}' /> Price: <input type='text' name='price' value='0' /> <input type='submit' value='Add' /></form> <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } } } function move_house() { global $db,$ir,$c,$userid,$h; $_GET['ID'] = abs((int) $_GET['ID']); $q=$db->query("SELECT pr.*,h.* FROM properties pr LEFT JOIN houses h ON pr.prHOUSE=h.hID WHERE pr.prID={$_GET['ID']} AND pr.prOWNER=$userid LIMIT 1",$c); $r=$db->fetch_row($q); if ($r['prOWNER'] != $ir['userid']) { print " This house does not belong to you. <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; } else { $mpq=$db->query("SELECT * FROM houses WHERE hWILL={$ir['maxwill']}",$c); $mp=$db->fetch_row($mpq); print " You moved into your {$r['hNAME']}! <hr width=75%>> [url='properties.php']Back[/url]<hr width=75%>"; $db->query("INSERT INTO `properties` (`prID`, `prOWNER`, `prHOUSE`) VALUES ('', '$userid', '{$mp['hID']}');",$c); $db->query("UPDATE users SET maxwill={$r['hWILL']},will=0 WHERE userid=$userid",$c); $db->query("DELETE FROM properties WHERE prID={$_GET['ID']}",$c); } } $h->endpage(); ?> Quote
wolfe Posted August 19, 2009 Posted August 19, 2009 Re: secure Are you going to make a thread for every file in your game instead of reading up on the different help topics on how to secure your site? Quote
Zero-Affect Posted December 7, 2009 Posted December 7, 2009 when using a GET or POST which will only have numeric content (EVER) i like to use something like the following $_POST['ID'] = (ctype_digit($_POST['ID']) AND !empty($_POST['ID'])) ? $_POST['ID'] : '' ; $_GET['ID'] = (ctype_digit($_GET['ID']) AND !empty($_GET['ID'])) ? $_GET['ID'] : '' ; Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.