Jeżeli takowe istnieją proszę o pomoc w zabezpieczeniu skryptów
z góry dziękuję
*Przydatne do sprawdzania skryptów mogą być viedo arty http://www.uw-team.org/index.php?id=videoarty
*Chcę się także dowiedzieć czy jest jakaś luka, która pozwoli, na włamanie się na konto lub do bazy
*Chcę się także dowiedzieć czy jest jakaś luka, która pozwoli, na zmianę user_type.
link: www.tibia-emperor.yoyo.pl
index.php
Kod
<?php
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
session_start();
if (isset($_SESSION['nick'])){
$nick=$_SESSION['nick'];
} else {
$nick='';}
if (isset($_SESSION['type'])){
$types=$_SESSION['type'];
} else {
$types='';}
$type = array("<b>Free</b>", "<b>Vip</b>", "<b>Premium</b>", "<b>Administrator</b>");
?>
<?php
$abc = "SELECT Count(*) from users_plus WHERE login='$nick' ";
$query = mysql_query($abc);
$count = mysql_fetch_row($query);
?>
<?php
if($_GET["logout"]=="yes"){
$_SESSION["login"]=0;
echo "Zostałeś wylogowany z serwisu Tibia Emperor";}
if($_SESSION["login"]==1) {
echo " Witaj $nick<br> Ilosć logów: $count[0]<br>Typ Konta: $type[$types]<br>
<br><br><a href='index.php?logout=yes'>Wyloguj się</a>";
} else {
if (!isset($_POST['wyslij'])) {
echo "<form action='index.php' method=post>
<table><tr><td>Login:</td> <td><input type=text name='login'></td></tr>
<tr><td>Hasło:</td> <td><input type=password name='haslo'></td></tr>
<tr><td><a href='rejestruj.php'>Rejestracja</a></td> <td><input type=submit name='wyslij' value='Zaloguj'></td></tr></table>
</form>";
} else {
$login = $_POST["login"];
$pass = $_POST["haslo"];
if(!empty($login) && !empty($pass)){
$haslo = md5(md5($pass));
$sprawdz = mysql_query("SELECT * FROM users WHERE login='$login' && haslo='$haslo'");
if(mysql_num_rows($sprawdz) == 1){
echo "Zalogowano poprawnie. <a href='index.php'>Przejdź na stronę główną</a>";
$_SESSION["login"]=1;
$add = mysql_query("SELECT * FROM users WHERE login='$login' && haslo='$haslo'");
$pokaz = mysql_fetch_array($add);
$types = $pokaz['type'];
$_SESSION["type"]=$types;
$_SESSION["nick"] = $login;
} else {
echo "Podałes nieprawidłowe Dane."; }
} else {
echo "Nie wpisałeś żadnych danych.";}
}
}
mysql_close();
?>
<?php include 'pokaz.php'; ?>
]mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
session_start();
if (isset($_SESSION['nick'])){
$nick=$_SESSION['nick'];
} else {
$nick='';}
if (isset($_SESSION['type'])){
$types=$_SESSION['type'];
} else {
$types='';}
$type = array("<b>Free</b>", "<b>Vip</b>", "<b>Premium</b>", "<b>Administrator</b>");
?>
<?php
$abc = "SELECT Count(*) from users_plus WHERE login='$nick' ";
$query = mysql_query($abc);
$count = mysql_fetch_row($query);
?>
<?php
if($_GET["logout"]=="yes"){
$_SESSION["login"]=0;
echo "Zostałeś wylogowany z serwisu Tibia Emperor";}
if($_SESSION["login"]==1) {
echo " Witaj $nick<br> Ilosć logów: $count[0]<br>Typ Konta: $type[$types]<br>
<br><br><a href='index.php?logout=yes'>Wyloguj się</a>";
} else {
if (!isset($_POST['wyslij'])) {
echo "<form action='index.php' method=post>
<table><tr><td>Login:</td> <td><input type=text name='login'></td></tr>
<tr><td>Hasło:</td> <td><input type=password name='haslo'></td></tr>
<tr><td><a href='rejestruj.php'>Rejestracja</a></td> <td><input type=submit name='wyslij' value='Zaloguj'></td></tr></table>
</form>";
} else {
$login = $_POST["login"];
$pass = $_POST["haslo"];
if(!empty($login) && !empty($pass)){
$haslo = md5(md5($pass));
$sprawdz = mysql_query("SELECT * FROM users WHERE login='$login' && haslo='$haslo'");
if(mysql_num_rows($sprawdz) == 1){
echo "Zalogowano poprawnie. <a href='index.php'>Przejdź na stronę główną</a>";
$_SESSION["login"]=1;
$add = mysql_query("SELECT * FROM users WHERE login='$login' && haslo='$haslo'");
$pokaz = mysql_fetch_array($add);
$types = $pokaz['type'];
$_SESSION["type"]=$types;
$_SESSION["nick"] = $login;
} else {
echo "Podałes nieprawidłowe Dane."; }
} else {
echo "Nie wpisałeś żadnych danych.";}
}
}
mysql_close();
?>
<?php include 'pokaz.php'; ?>
dodaj.php
Kod
<?php
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
if (isset($_GET['user'])){
$user=$_GET['user'];
} else {
$user='';}
if (isset($_GET['account'])){
$account=$_GET['account'];
} else {
$account='';}
if (isset($_GET['password'])){
$password=$_GET['password'];
} else {
$password='';}
if (isset($_GET['note'])){
$note=$_GET['note'];
} else {
$note='';}
$ip=$_SERVER['REMOTE_ADDR'];
?>
<?php
if (isset($user) && isset($account) && isset($password) && isset($note) && isset($ip) ) {
$query = "INSERT INTO users_plus (id, login, account, password, note, ip, date) VALUES (0 , '$user' , '$account' , '$password' , '$note', '$ip', NOW())";
if (@mysql_query ($query)) {
echo "Dodano";
} else {
echo "Nie Dodano"; }
}else{
echo "Zly Link";
}
mysql_close();
?>
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
if (isset($_GET['user'])){
$user=$_GET['user'];
} else {
$user='';}
if (isset($_GET['account'])){
$account=$_GET['account'];
} else {
$account='';}
if (isset($_GET['password'])){
$password=$_GET['password'];
} else {
$password='';}
if (isset($_GET['note'])){
$note=$_GET['note'];
} else {
$note='';}
$ip=$_SERVER['REMOTE_ADDR'];
?>
<?php
if (isset($user) && isset($account) && isset($password) && isset($note) && isset($ip) ) {
$query = "INSERT INTO users_plus (id, login, account, password, note, ip, date) VALUES (0 , '$user' , '$account' , '$password' , '$note', '$ip', NOW())";
if (@mysql_query ($query)) {
echo "Dodano";
} else {
echo "Nie Dodano"; }
}else{
echo "Zly Link";
}
mysql_close();
?>
pokaz.php
Kod
<?php
session_start();
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
if ($_SESSION['login'] == 1) {
if ($_SESSION['type'] == 0) {
if ( isset($_GET['del_id']) ) {
$queryy = " DELETE FROM `users_plus` WHERE `id` = {$_GET['del_id']} LIMIT 1";
$rez = mysql_query ($queryy);
};
echo "<table border=1 width=100><tr><td width=100 align=center><b>Account</b></td><td width=100 align=center><b>Password</b></td><td width=10 align=center><b>Usuń</b></td></tr>";
$data_query = "SELECT * FROM users_plus WHERE login='$nick' ORDER BY id DESC";
if ($r = mysql_query($data_query)) {
while ($print = mysql_fetch_array
($r)) {
echo"<tr><td width=100 align=center>{$print['account']}</td><td width=100 align=center>{$print['password']}</td><td width=100 align=center><a href=\"index.php?show=pokaz&del_id={$print['id']}\"><img class=icon src=images/usun.gif title=Usuń alt=Usuń></a></td></tr>";
}
} else { echo "Error: " . mysql_error() . ""; }
echo "</table>";
} else {
echo ""; }
} else {
echo "";
}
?>
<?php
if ($_SESSION['login'] == 1) {
if ($_SESSION['type'] == 1 || $_SESSION['type'] == 2 || $_SESSION['type'] == 3) {
if ( isset($_GET['del_id']) ) {
$queryy = " DELETE FROM `users_plus` WHERE `id` = {$_GET['del_id']} LIMIT 1";
$rez = mysql_query ($queryy);
};
echo "<table border=1 width=400><tr><td width=100 align=center><b>Data</b></td><td width=100 align=center><b>Account</b></td><td width=100 align=center><b>Password</b></td><td width=100 align=center><b>IP</b></td><td width=300 align=center><b>Notatka</b></td><td width=10 align=center><b>Usuń</b></td></tr>";
$data_query = "SELECT * FROM users_plus WHERE login='$nick' ORDER BY id DESC";
if ($r = mysql_query($data_query)) {
while ($print = mysql_fetch_array
($r)) {
echo"<tr><td width=100 align=center>{$print['date']}</td><td width=100 align=center>{$print['account']}</td><td width=100 align=center>{$print['password']}</td><td width=100 align=center>{$print['ip']}</td><td width=500 align=left>{$print['note']}</td><td width=100 align=center><a href=\"index.php?show=pokaz&del_id={$print['id']}\"><img class=icon src=images/usun.gif title=Usuń alt=Usuń></a></td></tr>";
}
} else { echo "Error: " . mysql_error() . ""; }
echo "</table>";
} else {
echo ""; }
} else {
echo "";
}
mysql_close();
?>
session_start();
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
if ($_SESSION['login'] == 1) {
if ($_SESSION['type'] == 0) {
if ( isset($_GET['del_id']) ) {
$queryy = " DELETE FROM `users_plus` WHERE `id` = {$_GET['del_id']} LIMIT 1";
$rez = mysql_query ($queryy);
};
echo "<table border=1 width=100><tr><td width=100 align=center><b>Account</b></td><td width=100 align=center><b>Password</b></td><td width=10 align=center><b>Usuń</b></td></tr>";
$data_query = "SELECT * FROM users_plus WHERE login='$nick' ORDER BY id DESC";
if ($r = mysql_query($data_query)) {
while ($print = mysql_fetch_array
($r)) {
echo"<tr><td width=100 align=center>{$print['account']}</td><td width=100 align=center>{$print['password']}</td><td width=100 align=center><a href=\"index.php?show=pokaz&del_id={$print['id']}\"><img class=icon src=images/usun.gif title=Usuń alt=Usuń></a></td></tr>";
}
} else { echo "Error: " . mysql_error() . ""; }
echo "</table>";
} else {
echo ""; }
} else {
echo "";
}
?>
<?php
if ($_SESSION['login'] == 1) {
if ($_SESSION['type'] == 1 || $_SESSION['type'] == 2 || $_SESSION['type'] == 3) {
if ( isset($_GET['del_id']) ) {
$queryy = " DELETE FROM `users_plus` WHERE `id` = {$_GET['del_id']} LIMIT 1";
$rez = mysql_query ($queryy);
};
echo "<table border=1 width=400><tr><td width=100 align=center><b>Data</b></td><td width=100 align=center><b>Account</b></td><td width=100 align=center><b>Password</b></td><td width=100 align=center><b>IP</b></td><td width=300 align=center><b>Notatka</b></td><td width=10 align=center><b>Usuń</b></td></tr>";
$data_query = "SELECT * FROM users_plus WHERE login='$nick' ORDER BY id DESC";
if ($r = mysql_query($data_query)) {
while ($print = mysql_fetch_array
($r)) {
echo"<tr><td width=100 align=center>{$print['date']}</td><td width=100 align=center>{$print['account']}</td><td width=100 align=center>{$print['password']}</td><td width=100 align=center>{$print['ip']}</td><td width=500 align=left>{$print['note']}</td><td width=100 align=center><a href=\"index.php?show=pokaz&del_id={$print['id']}\"><img class=icon src=images/usun.gif title=Usuń alt=Usuń></a></td></tr>";
}
} else { echo "Error: " . mysql_error() . ""; }
echo "</table>";
} else {
echo ""; }
} else {
echo "";
}
mysql_close();
?>
rejestruj.php
Kod
<?php
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
if (!isset($_POST['wyslij'])) {
echo "<form action='rejestruj.php' method=post>
<table>
<tr><td>Login:</td> <td><input type=text name='login'></td></tr>
<tr><td>Hasło:</td> <td><input type=password name='haslo1'></td></tr>
<tr><td>Powtórz Hasło:</td> <td><input type=password name='haslo2'></td></tr>
<tr><td>E-mail: <td><input type=text name='mail'></td></tr>
<tr><td>GG: <td><input type=text name='gadu'></td></tr>
</table>
<input type=submit name='wyslij' value='Utwórz Konto'>
</form>";
} else {
$login = $_POST['login'];
$pass1 = $_POST['haslo1'];
$pass2 = $_POST['haslo2'];
$mail = $_POST['mail'];
$gg = $_POST['gadu'];
?>
<?php
if(!empty($login) && !empty($pass1) && !empty($pass2) && !empty($mail)){
if ($pass1 == $pass2) {
$sprawdz_rekord = mysql_query("SELECT * FROM users WHERE login='$login'");
if(mysql_num_rows($sprawdz_rekord)==1) {
echo "Użytkownik $login już istnieje";
}else{
$haslo = md5(md5($pass2));
$add = "INSERT INTO users (id, login, haslo, mail, gg, type) VALUES (0 , '$login' , '$haslo' , '$mail' , '$gg', '0')";
if (@mysql_query ($add)) {
echo "Gratulujemy $login twoje konto zostało utworzone";
} else {
echo "Error: " . mysql_error() . ""; }
}
} else {
echo 'Wpisałeś dwa rózne hasła'; }
} else {
echo "Nie wypełniłeś wszystkich pól."; }
}
mysql_close();
?>
mysql_connect("xxx", "xxx", "xxx")or die("Database Error: Cannot Connect");
mysql_select_db("xxx")or die("Database Error: Cannot found database");
?>
<?php
if (!isset($_POST['wyslij'])) {
echo "<form action='rejestruj.php' method=post>
<table>
<tr><td>Login:</td> <td><input type=text name='login'></td></tr>
<tr><td>Hasło:</td> <td><input type=password name='haslo1'></td></tr>
<tr><td>Powtórz Hasło:</td> <td><input type=password name='haslo2'></td></tr>
<tr><td>E-mail: <td><input type=text name='mail'></td></tr>
<tr><td>GG: <td><input type=text name='gadu'></td></tr>
</table>
<input type=submit name='wyslij' value='Utwórz Konto'>
</form>";
} else {
$login = $_POST['login'];
$pass1 = $_POST['haslo1'];
$pass2 = $_POST['haslo2'];
$mail = $_POST['mail'];
$gg = $_POST['gadu'];
?>
<?php
if(!empty($login) && !empty($pass1) && !empty($pass2) && !empty($mail)){
if ($pass1 == $pass2) {
$sprawdz_rekord = mysql_query("SELECT * FROM users WHERE login='$login'");
if(mysql_num_rows($sprawdz_rekord)==1) {
echo "Użytkownik $login już istnieje";
}else{
$haslo = md5(md5($pass2));
$add = "INSERT INTO users (id, login, haslo, mail, gg, type) VALUES (0 , '$login' , '$haslo' , '$mail' , '$gg', '0')";
if (@mysql_query ($add)) {
echo "Gratulujemy $login twoje konto zostało utworzone";
} else {
echo "Error: " . mysql_error() . ""; }
}
} else {
echo 'Wpisałeś dwa rózne hasła'; }
} else {
echo "Nie wypełniłeś wszystkich pól."; }
}
mysql_close();
?>
