MakeWebGames

Injectable through edit profile.php


Syed


editprofile.php

How can I make the script so that no one can hack the game, and could you explain it to me so I know how to keep a lookout for the codes in future?

<?php
session_start();
include_once "includes/db_connect.php";
include_once "includes/functions.php";
logincheck();

$username = $_SESSION['username'];

$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$fetch = mysql_fetch_object($query);
$query1 = mysql_query("SELECT * FROM user_info WHERE username='$username'");
$user = mysql_fetch_object($query1);

if (($_POST['change_password']) && ($_POST['current_password']) && ($_POST['new_password']) && ($_POST['verify_password'])) {
    $current_password = mysql_real_escape_string($_POST['current_password']);
    $new_password = mysql_real_escape_string($_POST['new_password']);
    $verify_password = mysql_real_escape_string($_POST['verify_password']);

    if ($current_password == $fetch->password && $new_password == $verify_password) {
        mysql_query("UPDATE users SET password='$new_password' WHERE username='$username'");
        echo "Your password has successfully been changed.";
        session_destroy();
        echo "<script language=\"javascript\">
top.document.location.reload();
</script>";
    } else {
        echo "<b><center><font color=red>Your password could not be changed. Please try again with the right details!</font></b></center>";
    }
}

if ($_POST['change_email']) {
    $new_email = addslashes(strip_tags($_POST['new_email']));
    mysql_query("UPDATE users SET email='$new_email' WHERE username='$username'");
    echo "Your email has successfully been changed to $new_email.";
}

if (($_POST['change_quote']) && ($_POST['replyMessage'])) {
    $quote = strip_tags($_POST['replyMessage']);
    mysql_query("UPDATE users SET quote=\"$quote\" WHERE username=\"$username\"");
    echo "Your profile has been updated.";
}

if ($_POST['profilecolour']) {
    $profcolour = addslashes(strip_tags($_POST['hexvalue']));
    mysql_query("UPDATE users SET profcolour=\"$profcolour\" WHERE username=\"$username\"");
    echo "Your profile colour has been changed to $profcolour.";
}

if (strip_tags($_POST['change_gender'])) {
    $genderc = addslashes(strip_tags($_POST['genderc']));
    if ($genderc == "0" || $genderc == "1" || $genderc == "Unknown") {
        mysql_query("UPDATE users SET hidecrime='$genderc' WHERE username='$username'");
        echo "You have changed your profile.";
    } else {
        echo "You can't have that gender.";
    }
}
?>


<?php
session_start();
include_once "includes/db_connect.php";
include_once "includes/functions.php";
logincheck();

$username = $_SESSION['username'];

$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$fetch = mysql_fetch_object($query);
$query1 = mysql_query("SELECT * FROM user_info WHERE username='$username'");
$user = mysql_fetch_object($query1);

if (($_POST['change_password']) && ($_POST['current_password']) && ($_POST['new_password']) && ($_POST['verify_password'])) {
    $current_password = mysql_real_escape_string($_POST['current_password']);
    $new_password = mysql_real_escape_string($_POST['new_password']);
    $verify_password = mysql_real_escape_string($_POST['verify_password']);

    if ($current_password == $fetch->password && $new_password == $verify_password) {
        mysql_query("UPDATE users SET password='$new_password' WHERE username='$username'");
        echo "Your password has successfully been changed.";
    } else {
        echo "<b><center><font color=red>Your password could not be changed. Please try again with the right details!</font></b></center>";

        if ($_POST['preferences']) {
            $hidec = strip_tags($_POST['hidec']);
            mysql_query("UPDATE users SET hidecrime='$hidec' WHERE username='$username'");
            echo "You have changed your Profile.";
        }
    }
}

if (strip_tags($_POST['change_avatar'])) {
    $new_avatar = addslashes(strip_tags($_POST['new_avatar']));
    echo "You have changed your Avatar.";
    mysql_query("UPDATE users SET avatar='$new_avatar' WHERE username='$username'");

    if ($_POST['change_email']) {
        $new_email = addslashes(strip_tags($_POST['new_email']));
        mysql_query("UPDATE users SET email='$new_email' WHERE username='$username'");
        echo "Your email has successfully been changed to $new_email.";
    }
}
?>




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Edit Profile</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript" src="../AJS/jquery.js"></script>
<script type="text/javascript" src="../AJS/thickbox.js"></script>

<link rel="stylesheet" href="stlye.css" type="text/css" media="screen" />

<script type="text/javascript" src="jscolor.js"></script>

<script language="javascript" type="text/javascript">
function emoticon(text) {
var txtarea = document.tehform.replyMessage;
text = ' ' + text + ' ';
if (txtarea.createTextRange && txtarea.caretPos) {
var caretPos = txtarea.caretPos;
caretPos.text = caretPos.text.charAt(caretPos.text.length - 1) == ' ' ? caretPos.text + text + ' ' : caretPos.text + text;
txtarea.focus();
} else {
txtarea.value  += text;
txtarea.focus();
}
}
</script>

<style type="text/css">

<!--

.hexfield {font-size:10pt;

font-family:verdana, arial, helvetica;

font-weight:bold;

color:#808080; 

border-style:solid;

border-color:#000000;

border-width:1px;

background-color:#FFFFFF;

}
.style2 {font-size: 10px}
.style3 {color: #000000}

-->

</style>

</head>

<center>

<p>




</p>

<table width='600'  align='center' cellpadding="2" cellspacing='0' class="table">

<tr>

       <td width="49%" class='header' height="22"><div align="center"><b><u>Edit Quote</u></b> </div></td>

   </tr>

       <tr>

         <td height="358" valign="top" >



         <form action="" method="post" name="tehform" id="tehform">



           <div align="center">

             <table width="100%" border="0" cellspacing="0" cellpadding="0">

               <tr>

                 <td width="55%" align="center"><table width="100%" border="0" cellspacing="0" cellpadding="0">

                   <tr>

                     <td  height="80"><div align="center">
                       <table width='100%' cellpadding='2' cellspacing='2' >
                         <tr>
                           <td width="20%" align="center" ><a href='#reply' class="style1" onclick="return emoticon('[b] TEXT HERE [/b]')">BOLD TEXT</a></td>
                           <td width='20%' align='center' ><a href='#reply' class="style2" onclick="return emoticon('[i] TEXT HERE [/i]')">ITALIC TEXT</a></td>
                           <td width='20%' align='center' ><a href='#reply' class="style3" onclick="return emoticon('[u] TEXT HERE [/u]')"><u>UNDERLINED TEXT</u></a></td>
                           <td width='20%' align='center' ><a href='#reply' class="style3" onclick="return emoticon('[img= IMAGE URL HERE ]')">IMAGE</a></td>
                         </tr>
                         <tr>
                           <td colspan='11' align='center' ><a href='#reply' onclick="return emoticon(':twisted:')"><img src="/Smiles/icon_twisted.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':roll:')"><img src=" /Smiles/icon_rolleyes.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':evil:')"></a> <a href='#reply' onclick="return emoticon(':twisted:')"></a> <a href='#reply' onclick="return emoticon(':exclaim:')"><img src=" /Smiles/icon_exclaim.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':roll:')"></a> <a href='#reply' onclick="return emoticon(';)')"><img src=" /Smiles/icon_wink.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':question:')"><img src=" /Smiles/icon_question.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(';)')"></a> <a href='#reply' onclick="return emoticon(':)')"><img src=" /Smiles/icon_smile.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':(')"><img src=" /Smiles/icon_sad.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':o')"><img src=" /Smiles/icon_surprised.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':eek:')"><img src=" /Smiles/icon_eek.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':eek:')"></a> <a href='#reply' onclick="return emoticon(':idea:')"><img src=" /Smiles/icon_idea.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':redface:')"><img src=" /Smiles/icon_redface.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':P')"></a> <a href='#reply' onclick="return emoticon(':cry:')"><img src=" /Smiles/icon_cry.gif" 
alt="a" width="15" height="15" border="0" /></a><a href='#reply' onclick="return emoticon(':redface:')"></a> <a href='#reply' onclick="return emoticon(':evil:')"><img src=" /Smiles/icon_evil.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':arrow:')"><img src=" /Smiles/icon_arrow.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':mrgreen:')"><img src=" /Smiles/icon_mrgreen.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':D')"><img src=" /Smiles/icon_biggrin.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':S')"><img src=" /Smiles/icon_confused.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':S')"></a> <a href='#reply' onclick="return emoticon(':cool:')"><img src=" /Smiles/icon_cool.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':cool:')"></a> <a href='#reply' onclick="return emoticon(':lol:')"><img src=" /Smiles/icon_lol.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':lol:')"></a> <a href='#reply' onclick="return emoticon(':mad:')"><img src=" /Smiles/icon_mad.gif" alt="a" width="15" height="15" border="0" /></a> <a href='#reply' onclick="return emoticon(':P')"><img src=" /Smiles/icon_razz.gif" alt="a" width="15" height="15" border="0" /></a><a href='#reply' onclick="return emoticon(':mrblue:')"><img src=" /Smiles/icon_mrblue.gif" alt="a" width="15" height="15" border="0" /></a><a href='#reply' onclick="return emoticon(':mrorange:')"><img src=" /Smiles/icon_mrorange.gif" alt="a" width="15" height="15" border="0" /></a><a href='#reply' onclick="return emoticon(':mrgrey:')"><img src=" /Smiles/icon_mrgrey.gif" alt="a" width="15" height="15" border="0" /></a><a href='#reply' onclick="return emoticon(':edevil:')"><img src=" 
/Smiles/icon_devil.gif" alt="a" width="30" height="52" border="0" /></a></td>
                         </tr>
                       </table>
                       <br>

                       <br>

                     </div></td>
                   </tr>

                 </table>

                   <table width="100%" border="0" cellspacing="0" cellpadding="0">

                     <tr>

                       <td width="71%" align="center"><textarea id='replyMessage' name='replyMessage' class='textb' style='width: 100%; height: 200px'><?php echo "$fetch->quote"; ?></textarea></td>


                     </tr>

                   </table>

                            <input name='change_quote' type='submit' class="button" value='Update Profile' /></td>



               </tr>

             </table>
             <p><a href="profile.php?viewuser=<?php echo "$username"; ?>">View Your Profile</a></p>
           </div>

         </form></td>

       </tr>  </table>
<br>
<table width='600'  align='center' cellpadding="2" cellspacing='0' class="table">
      <tr> <td width="49%" class='header' height="22"><div align="center"><strong>Account Settings</strong></div></td>

   </tr> <tr> <td height="520"><form action="" method="post" name="form1">

         <table width="100%" border="0" cellspacing="0" cellpadding="2">

             <tr>

               <td width="49%" height="39" align="center"><p align="center">Current Password:

                 <input name='current_password' type='password' class="textbox" size='15' />



               </td>

           </tr>

             <tr>

               <td height="40" align="center">New Password:

               <input name='new_password' type='password' class="textbox" size='15' /></td>

             </tr>

             <tr>

               <td height="42" align="center">Verify New Password:

                 <input name='verify_password' type='password' class="textbox" size='15' /></td>

             </tr>

             <tr>

               <td height="43" align="center"><input name="change_password" type="submit" class="button" value="Change Pass!"></td>

             </tr>

             <tr>

               <td height="43" align="center">Change Email:

                 <input name='new_email' type='text' class="textbox" value="<?php echo "$fetch->email"; ?>" size='40' maxlength='40' /></td>
               </tr>

             <tr>

               <td height="36" align="center"><input name="change_email" type="submit" class="button" value="Change Email!"></td>

             </tr>


                         <tr></tr>
             <tr></tr>

             <tr>
               <td align="center">Profile Colour : <br>
                 <input name='hexvalue' type='text' class="color" value="<?php echo"$fetch->profcolour";?>" size="6">
                 <br></td>
             </tr>
             <tr>
               <td align="center"><input name='profilecolour' type='submit' class="button" value='Profile Colour' /></td>
             </tr>




             <?php
             if ($fetch->hidecrime == "0") { $selected = " selected"; } else { $selected = ""; }
             if ($fetch->hidecrime == "1") { $selected1 = " selected"; } else { $selected1 = ""; }
             ?>
<tr class="table">
               <td><div align="center">Change Avatar</div></td>
             </tr>
             <tr class="table">
               <td height="22"><div align="center">Avatar:
                 <input name='new_avatar' type='text' class="textbox" value="<?php echo "$fetch->avatar"; ?>" size='60' maxlength='100' />
               </div></td>
             </tr>
             <tr class="table">
               <td height="22"><div align="center">
                 <input name="change_avatar" type="submit" class="button" value="Update">
               </div></td>
             </tr>
         </table>

</form>

		       </td>

   </tr>

 </table>

</center>

<p> </p>

</html>
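For reference, here is what the update handlers from the post look like once every user-supplied value is bound as a query parameter instead of being pasted into the SQL string. This is an added example, not code from the post or from MakeWebGames. It assumes PHP 7 or later, that includes/db_connect.php sets `$pdo` to a PDO connection (the post uses the mysql_* extension), that the password column has been migrated to `password_hash()` output, and that the `users` table has the columns the post writes. The helper names `post_string`, `update_user` and `esc` are my own; the column and form-field names are the post's.

```php
<?php
// Added example (not from the post or the MakeWebGames project): the same
// editprofile.php handlers with every user-supplied value bound as a query
// parameter and each field validated against what it may contain.
// Assumptions: PHP 7+, includes/db_connect.php sets $pdo to a PDO connection
// (the post uses mysql_*), and the users table has the columns the post writes.
session_start();
include_once "includes/db_connect.php";   // assumed to set $pdo = new PDO(...)
include_once "includes/functions.php";    // assumed to provide logincheck(), as in the post
logincheck();
$username = $_SESSION['username'];

// Read a POST field as a string; arrays and missing fields become null.
function post_string(string $key): ?string {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : null;
}

// Single choke point for writes: the column name comes from a fixed whitelist,
// the value and the username are always bound, never interpolated.
function update_user(PDO $pdo, string $column, string $value, string $username): bool {
    $allowed = ['password', 'email', 'quote', 'profcolour', 'hidecrime', 'avatar'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }
    $stmt = $pdo->prepare("UPDATE users SET `$column` = :value WHERE username = :username");
    return $stmt->execute([':value' => $value, ':username' => $username]);
}

// Escape anything that is echoed back into the page (messages, form values).
function esc(?string $s): string {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
$stmt->execute([$username]);
$fetch = $stmt->fetch(PDO::FETCH_OBJ);
if ($fetch === false) {
    exit("Unknown user.");
}

// Passwords: stored as password_hash() output and checked with password_verify();
// existing plaintext rows need a one-off migration before this check can pass.
if (post_string('change_password') !== null) {
    $current = post_string('current_password') ?? '';
    $new     = post_string('new_password') ?? '';
    $verify  = post_string('verify_password') ?? '';
    if (password_verify($current, $fetch->password) && $new === $verify && strlen($new) >= 8) {
        update_user($pdo, 'password', password_hash($new, PASSWORD_DEFAULT), $username);
        session_destroy();
        echo "Your password has successfully been changed.";
    } else {
        echo "Your password could not be changed. Please try again with the right details!";
    }
}

// Email: validate the format and the form's maxlength of 40, then bind it.
if (post_string('change_email') !== null) {
    $email = filter_var(post_string('new_email') ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false || strlen($email) > 40) {
        echo "That email address is not valid.";
    } else {
        update_user($pdo, 'email', $email, $username);
        echo "Your email has successfully been changed to " . esc($email) . ".";
    }
}

// Quote: free text is safe to store once it is bound; the risk was in building
// the SQL string and in echoing the stored value back into the textarea unescaped.
if (post_string('change_quote') !== null && ($quote = post_string('replyMessage')) !== null) {
    update_user($pdo, 'quote', $quote, $username);
    echo "Your profile has been updated.";
}

// Profile colour: exactly six hex digits, nothing else.
if (post_string('profilecolour') !== null) {
    $colour = post_string('hexvalue') ?? '';
    if (preg_match('/^[0-9A-Fa-f]{6}$/', $colour) !== 1) {
        echo "That is not a valid colour.";
    } else {
        update_user($pdo, 'profcolour', $colour, $username);
        echo "Your profile colour has been changed to " . esc($colour) . ".";
    }
}

// Gender / hidecrime: the post already whitelists the value; keep that and bind it.
if (post_string('change_gender') !== null) {
    $genderc = post_string('genderc') ?? '';
    if (in_array($genderc, ['0', '1', 'Unknown'], true)) {
        update_user($pdo, 'hidecrime', $genderc, $username);
        echo "You have changed your profile.";
    } else {
        echo "You can't have that gender.";
    }
}
?>
```

The avatar handler gets the same treatment: check the value with `filter_var($avatar, FILTER_VALIDATE_URL)`, accept only an http or https scheme and at most the form's 100 characters, then pass it through `update_user`. The form side needs one change too: every place the page echoes a database or POST value into HTML, such as `<?php echo "$fetch->quote"; ?>` inside the textarea and the `value="..."` attributes, should go through `esc()`. As for what to look out for in future: any `$variable` sitting inside a quoted SQL string handed to `mysql_query()` is an injection point regardless of `strip_tags()` or `addslashes()`, and any `echo` of stored or submitted data without `htmlspecialchars()` is a script-injection point; prepared statements remove the first class and output escaping removes the second.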


Well, for one, it's not a script, it's a plethora of code. You need to sanitize your inputs and outputs. I myself am no security expert whatsoever; I pay people to do it for me, so if you're unsure how, there are plenty of people that do.

Rumor has it mysql_real_escape_string() works pretty well for some of those things.
