Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Sponsored by: █ Sparkhost - Hosting Without Compromises! █ Hybrid Performance Web Hosting █ Spark Host Stream Hosting █ Hybrid IRC & IRCd Server Shell Accounts

$_php Self

Started by SWilly , Oct 18 2005 03:51 PM

Please log in to reply

7 replies to this topic

#1 SWilly

Private First Class

Members
78 posts

Posted 18 October 2005 - 03:51 PM

I'm currently working with a universty on aproject that requiers some php skilles.
i've built a registration system at home and went to check it on the universty computr.
i had to install apache webserver and php suport, sql database server.
after installing the servers and checking if they are fully works. i tested my php code.

i got forrbiden massage trying to use $_php self in a form action="<? $_phpself?>". the same thing happened when i tried to replace $_php self with the name of the same file (ex: register.php calls himself in the form action)

the opration system is winxp BUT there something there dealing with NOVAL the login window is NOVAL
dose this have to do something with the forbbiden. mayb the user loged dosen't have premmision to use $_phpself or is there something in the apache/php config file?
i didn't messed around with the file all i did is add php support in a cgi mode to apache (couldn't get the addmoudle option to work).
the code works fine on my home computer

Heres the register.php file:

<?php
//session_start();
?>
<html>
<head>
</head>
<body>

<!--HTML form -->
<form action="register.php" method="POST">
User name: <input type="text" name="username"><br><br>
Password: <input type="password" name="password"><br><br>
Confirm password <input type="password" name="passconf"><br><br>
Session: <select NAME="session" SIZE="1" width="30"><br><br>
<option value="" SELECTED>Session number
	<option value="1">1
	<option value="2">2
	<option value="3">3
	<option value="4">4
	<option value="5">5
	<option value="6">6
</select>  
Group: <select name="group" size="1" width="30">
<option value="" selected>Group number
<option value="1">1
<option value="2">2
<option value="3">3
<option value="4">4
</select><br><br>
<input type="submit" value="Register">
</form>


<?php
if (($_POST['username'] !='') &&($_POST['password']!='')){//Checks if theres input
include 'sqlconnect.php'; //sql connect and disconnect functions
$link = sql_connect(); //Connect to sql server useing root user. connecting to 'remotelearning' db

//--------------Verification----------------------------------

$username = $_POST['username']; //get username from the form

$result = mysql_query("SELECT * FROM students"); // mayb instade of * i could use SELECT username

while ($row = mysql_fetch_array($result)){ //checks if username exisstes
	If ($row['username'] == $username){ // don't need the ['username']
		sql_disconnect($link);
		die("Username exisstes");
	}	
}
print"Username ok";
print"<br>";

$password = $_POST['password'];

if ($password !=$_POST['passconf']){
	sql_disconnect($link);
	die("Password didn't match");
}
print"password confirmed";
$password = md5($password);
print"<br>";
$session=$_POST["session"];
$group=$_POST["group"];

if( $session == null or $group ==  null){
	sql_disconnect($link);
	print ("You must select a session and a group number");
	die;
}
$query=("INSERT INTO students VALUES ('','$username', '$password','$session','$group') " );
	if ($result=mysql_query($query)){
		print "Thank you for registrting";
		echo "<br><br>";
		shell_exec ("md $username");
		echo"<a href=login.php> Login</a>";
		
	}
	else
		die(mysql_error());
		//set Session.
}
?>
</body>
</html>

Back to top

#2 SkitZZ

Specialist

Members
139 posts

Posted 18 October 2005 - 06:20 PM

try and use "<?php echo $_SERVER['PHP_SELF']; ?>"

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">

this link might help too

hxxp://au.php.net/reserved.variables

SkitZZ

Back to top

#3 Guest_stay_*

Guests

Posted 19 October 2005 - 04:07 AM

...and further your whole code is bad and i think also unsecure!

concerning better code:

<?
include("sqlconnect.php");
$con=sql_connect();
if(!$con) { echo mysql_error(); exit(); }

$user=$_POST[username]; $pass=md5($_POST[password]); $passconf=md5($_POST[passconf]);
$group=$_POST[group]; $session=$_POST[session];

if(empty($user) || empty($pass) || empty($passconf || empty($group) || empty($session))) { 
echo"fill in all fields and chose session and group number!"; exit(); }

if($pass!=$passconf) { echo"passconfirm doesn't match"; exit(); }

$res=mysql_query("select * from students where username='$user'");
if(mysql_num_rows($res)>0) { echo"User $user already exists!"; exit(); } 

$sql="insert into students (dontknowwhichfield, username, pass, session, group) values ('','$user','$pass','$session','$group')";
if(mysql_query($sql)) { echo"user added";  sql_disconnect($link); }
else { echo"user creation failed: ".mysql_error().""; sql_disconnect($link); exit(); }
//better simply use mysql_disconnect()

shell_exec("md $username"); //there's also a php function for it, would also better for checking if dir creation ok!
echo"<a href=\"login.php\">Login</a>";
?>

about better code:
-why crypt password so late? simply us md5() at the beginning...

"while ($row = mysql_fetch_array($result)){ //checks if username exisstes
If ($row['username'] == $username){ // don't need the ['username']"
- why compare every line? simply (try to) select the line and check how many affected rows there are...
should also be less cpu intensive

"if( $session == null or $group == null){"
you probably should check if session and area are in a special range or whatever, you only check if it's empty or not; a student could simply build his own html form...

"$query=("INSERT INTO students VALUES ('','$username', '$password','$session','$group') " );"
normally you use "insert into students (field1name, field2name) values (field1value, field2value)";
did your method work for you? however entering the fieldnames makes changes later more easy...

"shell_exec ("md $username");"
-better use the php function for dir creation, gives you additional checks (or at least the possibility to do them)

general:
use exit() to prevent }}; using exit() you normally only need one };
makes code easier and there's no reason to execute/parse the rest of your script if there's a error

disconnect at the end and not for everything...
(well, using exit you will have to disconnect every time if you want clean code, simply use a function including
exit();
sql_disconnect();
and replace exit() in my code above with this function...

security:
1) If ($row['username'] == $username)

$username="'bla' && mysql_query("delete * from students")";
If ($row['username'] == 'bla' && mysql_query("delete * from students"))

i don't know very much about sql injection but your script should be vulnerable to it, so best you can do is use =="$username" and additional check username and other stuff for allowed characters.

well, there are still some other things, but they are similar or not that important, however you should make sure you get it to wite better and more secure code

Back to top

#4 SWilly

Private First Class

Members
78 posts

Posted 19 October 2005 - 02:36 PM

Big thanks for your coments. i'll make the changes. (allways trying to improve the code)
if anyone can pointout anyother code improvments please do thank you.

I guess you don't know why i get the forbian premision when useing $_phpself in form action.
i'm starting to think it's the noval system have to do something to do with it.

Back to top

#5 TheBed

Private First Class

Members
24 posts

Posted 20 October 2005 - 02:14 PM

If $_SERVER['PHP_SELF'] works like skittz said, then I think $_PHPSELF didn't work because the server has register_globals disabled in the PHP configuration file.

Back to top

#6 SWilly

Private First Class

Members
78 posts

Posted 20 October 2005 - 04:13 PM

If $_SERVER['PHP_SELF'] works like skittz said, then I think $_PHPSELF didn't work because the server has register_globals disabled in the PHP configuration file.

i've found this in my php.ini-recommended

register_globals = Off		 [Security, Performance]
;	 Global variables are no longer registered for input data (POST, GET, cookies,
;	 environment and other server variables).  Instead of using $foo, you must use
;	 you can use $_REQUEST["foo"] (includes any variable that arrives through the
;	 request, namely, POST, GET and cookie variables), or use one of the specific
;	 $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending
;	 on where the input originates.  Also, you can look at the
;	 import_request_variables() function.
;	 Note that register_globals is going to be depracated (i.e., turned off by
;	 default) in the next version of PHP, because it often leads to security bugs.
;	 Read http://php.net/manual/en/security.registerglobals.php for further
;	 information.

this is on my home computer nevertheless the forbiden premision problem dosen't accure