The Cave of Dragonflies forums

  #1  
Old 11-25-2012, 01:38 PM
Lorem Ipsum
[PHP] MySQL problem

For all my sins, I'm using PHP to code a little pet project to try and get me to get back into coding, but I've stumbled at one of the first hurdles and can't identify what the problem is.

Basically, User A signs up to the service and receives a unique ID number and verification code, and for others to join User A's group, they have to enter both of these numbers when registering. The code for User A's registration works fine, and it all enters into the database wonderfully.

My problem is the registration of User B - I've set up a rudimentary check to see whether the verification code matches the verification assigned to the user ID in the database, and if it doesn't, it sends you back and tells you to fill out the registration form again. The only problem is that even if they ARE the same, it sends you back regardless.

The only thing I can imagine is wrong is that the code to check the database verification ID is somehow flawed, but I can't see where. Any help on this would be greatly appreciated! Code below:

PHP Code:
$sid = $_POST['schoolid'];
$ver = $_POST['verificationid'];
$title = $_POST['title'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$pwd = $_POST['pwd1'];
$conf = $_POST['pwd2'];

// MySQL login data goes here

$con = mysql_connect($mysql_host,$mysql_user,$mysql_password);

$getsid = mysql_query("SELECT * FROM schools WHERE uid='$sid'");

while ($row = mysql_fetch_array($getsid)) {
    $origver = $row['verification'];
}

if ($pwd != $conf) {
    header('Location: register.php?error=1');
}
elseif ($ver != $original) {
    header('Location: register.php?error=2');
}

// Further, unimportant code
  #2  
Old 11-25-2012, 05:41 PM
1. Luftballon
Re: [PHP] MySQL problem

well, at a glance, there's a p glaring sql inj with the sid interpolation. please do not interpolate across interfaces unsafely.

(this has nothing to do with the bug you're looking at, but security holes should always take precedence, right)

(I would have links to go with that but I can't seem to motor functions enough to copy/paste on this thing, oops?)

Last edited by sreservoir; 11-26-2012 at 04:04 AM. Reason: that was very wrong
  #3  
Old 11-25-2012, 05:52 PM
Lorem Ipsum
Re: [PHP] MySQL problem

I have no idea how to combat that, unfortunately - is it particularly difficult?
  #4  
Old 11-26-2012, 12:18 AM
Butterfree
Re: [PHP] MySQL problem

The variable you're reading from the database is called $origver; the variable you're comparing $ver to is called $original. Since PHP just creates new variables if a variable name it doesn't recognize comes up, even if you're trying to read from it, which is a pretty strong hint you meant to reference something that exists, it's comparing it to undefined or null or whatever PHP's initial variable value is, which is always going to be false. That would be your problem.

But yes, do look into SQL injections - PHP can do prepared queries now with PDO, which takes care of the issue entirely, but running mysql_real_escape_string on it before you inject it into the query should technically also do the trick, in a hackish, really-bad-idea asking-for-trouble way (since if you were to ever forget it for any value you plug into a query at a later point, you're left completely vulnerable).

Last edited by Butterfree; 11-26-2012 at 12:28 AM.
  #5  
Old 11-26-2012, 04:06 AM
1. Luftballon
Re: [PHP] MySQL problem

Quote:
Originally Posted by Butterfree
But yes, do look into SQL injections - PHP can do prepared queries now with PDO, which takes care of the issue entirely, but running mysql_real_escape_string on it before you inject it into the query should technically also do the trick, in a hackish, really-bad-idea asking-for-trouble way (since if you were to ever forget it for any value you plug into a query at a later point, you're left completely vulnerable).

by all of which I think we would agree we mean, don't do that. not unless you have no other choices.

relevant link, and pdo documentation.
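
The check from the first post, rewritten along the lines the replies suggest: a PDO prepared statement for the lookup, and the same `$origver` variable read and compared. This is an added example, not code from anyone in the thread. The in-memory SQLite database, the sample rows and the function names `makeDemoDb` and `checkRegistration` are assumptions made so it runs offline; against MySQL only the arguments to `new PDO(...)` change.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's `schools` table. In-memory SQLite is
// an assumption so the example runs offline; it is not the poster's database.
function makeDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE schools (uid TEXT PRIMARY KEY, verification TEXT)');
    $pdo->exec("INSERT INTO schools VALUES ('1001', 'A7K2'), ('1002', 'Q9ZX')");
    return $pdo;
}

// Returns 0 when the form is acceptable, otherwise the error number that
// register.php expects (1 = passwords differ, 2 = bad school ID or code).
function checkRegistration(PDO $pdo, array $post): int
{
    $sid  = (string) ($post['schoolid'] ?? '');
    $ver  = (string) ($post['verificationid'] ?? '');
    $pwd  = (string) ($post['pwd1'] ?? '');
    $conf = (string) ($post['pwd2'] ?? '');
    if ($pwd !== $conf) {
        return 1;
    }

    // The value is bound, never concatenated, so quotes in it stay data.
    $stmt = $pdo->prepare('SELECT verification FROM schools WHERE uid = :uid');
    $stmt->execute([':uid' => $sid]);
    $origver = $stmt->fetchColumn();   // false when no row matches

    // Same variable name where it is read and where it is compared.
    if ($origver === false || !hash_equals((string) $origver, $ver)) {
        return 2;
    }
    return 0;
}

// Constructed form submissions. A real handler would follow a non-zero result
// with header("Location: register.php?error=$err"); exit;
$pdo = makeDemoDb();
$ok = ['schoolid' => '1001', 'verificationid' => 'A7K2', 'pwd1' => 'x', 'pwd2' => 'x'];
$cases = [
    'matching code'     => $ok,
    'wrong code'        => ['verificationid' => 'ZZZZ'] + $ok,
    'quote in schoolid' => ['schoolid' => "1001' OR '1'='1"] + $ok,
    'password mismatch' => ['pwd2' => 'y'] + $ok,
];
foreach ($cases as $label => $post) {
    printf("%-18s => error=%d\n", $label, checkRegistration($pdo, $post));
}
```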
All times are GMT.