
Forcing Code To Work !

31 replies to this topic

#1 Shippou   Members   -  Reputation: 1471

Likes: 0

Posted 01 December 2013 - 07:58 PM

 Whenever I am doing a project, I have a tendency to add all the features I want, then somehow force everything to work together. Later I go back to streamline the code ( sometimes even I have problems reading it ).

 This often times produces interesting "raw" code.

 

 I present to you, the raw code I produced for a login page ( and it all works ) !

<html>
<title>Landing Page</title>
<head></head>
<?php
if (isset($_COOKIE["a"])){
	if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}
	if (!file_exists("u/".$_COOKIE["a"]) ){
	unset($_COOKIE["a"]);
	}
}
 if (isset($_POST["su"]) ){
  echo "Make sure you fill in everything, and you use more than 4 characters.<br>";
  echo '
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
  ';
 }
 else {
 if (isset($_POST["gn"]) && isset($_POST["un"]) && isset($_POST["pw"]) ){
  if ( trim($_POST["gn"])!= "" && trim($_POST["un"])!= "" && trim($_POST["pw"])!= "" && strlen($_POST["gn"]) > 4 && strlen($_POST["un"]) > 4 && strlen($_POST["pw"]) > 4 ) {
  $_POST["si"] = " bla ";
  if (!file_exists("p") ){
   mkdir("p", 0, true);
  }
  if (file_exists("p/".$_POST["gn"]) ){
   echo 'Name Taken</br>
   <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="su" value="Sign Up">
  </form>
   ';
  }
  elseif(!file_exists("p/".$_POST["un"]) ){
  $x = "1234567890abcdefghijklmnopqrstuvwxyABCDEFGHIJKLMNOPQRSTUVWXYZ";
  $x2 = '';
 for ($i = 0; $i < 21; $i++) {
      $x2 .= $x[rand(0, strlen($x) - 1)];
	  }
   $fh = fopen("p/".$_POST["un"], 'w');
   // game name | password | user ID
   fwrite($fh,$_POST["gn"]."|".$_POST["pw"]."|".$x2);
   fclose($fh); 
   if (!file_exists("u") ){
   mkdir("u", 0, true);
   }
   $fh = fopen("u/".$x2, 'w');
   fwrite($fh,$_POST["gn"]."|". "This is were game stats go");
   fclose($fh); 
   unset($_POST["su"]);
   unset($_POST["gn"]);
   unset($_POST["un"]);
   unset($_POST["pw"]);
   echo 'Account created: Please log in.<br>
   <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="x" value="Log In">
  </form>
   ';
 }}
  else{
  $_POST["su"] = " bla ";
  echo '<center><h1>Information Rejected - Please Try Again !</h1><br> Do not resend information.<br></center>
    <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="su" value="Sign Up">
  </form>
  ';
  }
 }
 if (isset($_POST["a"]) && isset($_POST["b"]) ){
    
	if (file_exists("p/".$_POST["a"]) && trim($_POST["a"] != "") ){
	$uf = file_get_contents("p/".$_POST["a"]);
	// game name | password | user ID
	$uf2 = explode("|", $uf);
	if ($uf2[1] == trim($_POST["b"])){
	setcookie("a", $uf2[2], time()+3600);
	echo 'Welcome: '. $uf2[0]. '
	<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    <input type="submit" name="x" value=" Not Programmed In Yet ">
    </form>
	';
	}
	elseif ($uf2[1] != trim($_POST["b"])){
	echo 'Nope!<br>
	<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    <input type="submit" name="x" value=" <-- Back ">
    </form>
	';
	}
	}
	elseif (!file_exists("p/".$_POST["a"] || trim($_POST["a"] == "")) ){
	unset($_POST["a"]);
	unset($_POST["b"]);
	echo 'Does Not Exist<br>
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="x" value=" <-- Back ">
  </form>
	';
	}
    }
elseif (!isset($_POST["su"]) && !isset($_POST["si"]) ) {
 echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST" onsubmit=" ">
<br>
  User Name: <input type="text" name="a" maxlength="12">
  Password: <input type="text" name="b" maxlength="12">
  <button type="submit">Submit !</button>
  </form><br>
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="su" value="Sign Up">
  </form>
  ';
   }
 }
 
 ?>
</html>

 Reactions To Technologies:
1. Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.
2. Anything that's invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.
3. Anything invented after you're thirty-five is against the natural order of things.

- Douglas Adams 2002


 



#2 Krohm   Crossbones+   -  Reputation: 3040

Likes: 3

Posted 02 December 2013 - 01:55 AM

Mph. That made me uncomfortable but I guess it's just PHP? :P


Edited by Krohm, 02 December 2013 - 01:55 AM.


#3 Dragonsoulj   Crossbones+   -  Reputation: 2083

Likes: 1

Posted 02 December 2013 - 02:26 AM

You do know you can close your php tags and re-open them so you don't have to worry about echo-ing mark-up, right?

<?php
if(something)
{
?>
<p>Printing this because of <?php echo $valueOfSomething; ?></p>
<?php
} else
{
?>
<p>Printing this as our else paragraph.</p>
<?php
}
?>


#4 Shippou   Members   -  Reputation: 1471

Likes: 0

Posted 02 December 2013 - 04:44 AM

 

You do know you can close your php tags and re-open them so you don't have to worry about echo-ing mark-up, right?

 

 

 All the forms and text fields on the page are only to appear if a certain $_POST or $_COOKIE condition is true :P

if (isset($_POST["su"]) ){
  echo "Make sure you fill in everything, and you use more than 4 characters.<br>";
  echo '
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
  ';
 }



 


#5 slicer4ever   Crossbones+   -  Reputation: 3466

Likes: 1

Posted 02 December 2013 - 07:04 AM

o god, ur transmitting and storing passwords as plaintext. screw bad code, thats just bad.
Check out https://www.facebook.com/LiquidGames for some great games made by me on the Playstation Mobile market.

#6 Mussi   Crossbones+   -  Reputation: 1755

Likes: 0

Posted 02 December 2013 - 08:06 AM

if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}
	if (!file_exists("u/".$_COOKIE["a"]) ){
	unset($_COOKIE["a"]);
	}

If exists.

If !exists. :D



#7 samoth   Crossbones+   -  Reputation: 4678

Likes: 0

Posted 02 December 2013 - 08:53 AM

Woah, file_get_contents as well as fopen+fwrite on user-supplied, non-verified inputs. That's courageous.


Edited by samoth, 02 December 2013 - 08:54 AM.


#8 Dragonsoulj   Crossbones+   -  Reputation: 2083

Likes: 2

Posted 02 December 2013 - 08:59 AM

 

 

You do know you can close your php tags and re-open them so you don't have to worry about echo-ing mark-up, right?

 

 

 All the forms and text fields on the page are only to appear if a certain $_POST or $_COOKIE condition is true :P

if (isset($_POST["su"]) ){
  echo "Make sure you fill in everything, and you use more than 4 characters.<br>";
  echo '
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
  ';
 }

 

That's what I am talking about. You can close the php tag after the opening if brace ( { ) and re-open the php tag after. That way you are not worrying about echo commands, which quotes to use or escape, etc. It will still be within the conditional and only be printed/sent to the client if that condition is true.



#9 Petter Hansson   Members   -  Reputation: 593

Likes: 1

Posted 02 December 2013 - 09:49 AM

if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}
	if (!file_exists("u/".$_COOKIE["a"]) ){
	unset($_COOKIE["a"]);
	}

If exists.

If !exists. :D

 

 

Wouldn't expect PHP to pertain to standard logics :D

 

As for the premise of this article - getting something to work though ugly can be a good or bad thing. You need to find a balance where it actually helps laying the foundations for a more solid solution rather than leading to redundant work or bad code. Some programmers with a "fix it later" attitude take it as an excuse for poor code and end up causing more work than necessary because their code must always be rewritten by someone else who could have written it properly immediately in the first place in similar time.

 

Of course, there are occasions where throwaway/"write only" code is acceptable (usually in leaf parts of a system). Still, not doing your worst pays off due to how much easier bugs become to find.


Edited by Petter Hansson, 02 December 2013 - 10:00 AM.


#10 froop   Members   -  Reputation: 636

Likes: 1

Posted 02 December 2013 - 02:09 PM

You can also use this syntax:

<?php if($condition) : ?>
Hello
<?php endif; ?>

Same for all control flow statements. It's easier to keep track of than using braces imo.


Edited by froop, 02 December 2013 - 02:09 PM.


#11 HyperV   Members   -  Reputation: 765

Likes: 0

Posted 09 December 2013 - 05:38 AM

aah my head hurts :(



#12 LJ_1102   Members   -  Reputation: 900

Likes: 2

Posted 09 December 2013 - 08:03 AM

This code is awesome, it allows me to overwrite all files on your server that the php process has rights on.


Jan F. Scheurer - CEO @ Xe-Development

Sign Up for Xe-EngineBeta

 


#13 Shippou   Members   -  Reputation: 1471

Likes: 0

Posted 09 December 2013 - 12:20 PM

This code is awesome, it allows me to overwrite all files on your server that the php process has rights on.

 If you can do that in 12 characters, I would like to see it.

 <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>

Edited by Shippou, 09 December 2013 - 12:21 PM.



 


#14 samoth   Crossbones+   -  Reputation: 4678

Likes: 4

Posted 09 December 2013 - 12:45 PM

 

This code is awesome, it allows me to overwrite all files on your server that the php process has rights on.

 If you can do that in 12 characters, I would like to see it.

 

Err... you are aware that this is just a hint to the browser, right? Nothing prevents one from posting 200 characters when you make an input field 12 characters. Apache or PHP don't care either, as long as you don't exceed the maximum post size which is something around 4 kilobytes by default (or maybe more in the meantime, used to be 4kb in the 1990s... probably is something like 256k nowadays).


Edited by samoth, 09 December 2013 - 12:46 PM.


#15 Shippou   Members   -  Reputation: 1471

Likes: 0

Posted 09 December 2013 - 03:10 PM

I did not realize that ... The size limit for PHP $_POST is 8mb by default  ( which is handy for loading maps into JavaScript ).




 


#16 Dragonsoulj   Crossbones+   -  Reputation: 2083

Likes: 0

Posted 09 December 2013 - 03:39 PM

The browser doesn't let you type those extra characters, but you can either post from a separate file/page or use Javascript to alter the form settings.



#17 samoth   Crossbones+   -  Reputation: 4678

Likes: 6

Posted 09 December 2013 - 04:01 PM

I did not realize that ... The size limit for PHP $_POST is 8mb by default  ( which is handy for loading maps into JavaScript ).

That's why I called opening and writing to a file with a user-supplied, non-validated name "courageous" earlier. An attacker who knows that your script works that way can write a simple socket program (or just use telnet!) to send you a string that is much longer than your anticipated 12 characters. Or even if they don't know, they might just try to see what happens.

 

Besides, even short strings can be dangerous if unvalidated: /etc/passwd is 11 characters long. *cough* Hopefully, the web server doesn't run as root.

 

You should always, no exceptions, assume that anything that comes from the user is malicious, and never, no exceptions use any user input without validating it and making sure that there is no way, even theoretically, that it could be abused, and you should never, no exceptions, let the user choose such a thing as a filename, a script name, a command to execute, or a table name or a SQL command. Even if validated, this is still a possible danger since you might forget one special case.

 

There is no such thing as harmless user input.


Edited by samoth, 09 December 2013 - 04:03 PM.


#18 Dragonsoulj   Crossbones+   -  Reputation: 2083

Likes: 0

Posted 09 December 2013 - 05:00 PM


You should always, no exceptions, assume that anything that comes from the user is malicious, and never, no exceptions use any user input without validating it and making sure that there is no way, even theoretically, that it could be abused, and you should never, no exceptions, let the user choose such a thing as a filename, a script name, a command to execute, or a table name or a SQL command. Even if validated, this is still a possible danger since you might forget one special case.



There is no such thing as harmless user input.

 

This.



#19 LJ_1102   Members   -  Reputation: 900

Likes: 0

Posted 09 December 2013 - 05:39 PM

Just wanted to add, in case that is also not clear, cookie data is also not safe, it's easy to modify,

so I could very easily go into the following code branch and let your server give me any file the php process has access to.

if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}

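
The server-side check that samoth's and LJ_1102's posts above call for, as an added example that is not part of the thread or the original script: the cookie value is matched against an allowlist and the resolved path is confirmed to stay inside the data directory before any file is opened. The function names and the temporary demo directory are hypothetical; the 21-character ID format follows the posted sign-up code.

```php
<?php
// Added example, not the thread author's code. resolve_user_file() and greet()
// are hypothetical names; the 21-character ID matches the posted sign-up loop.

/**
 * Resolve a client-supplied ID to a file inside $baseDir, or return null.
 * The value is checked on the server; the form's maxlength is never relied on.
 */
function resolve_user_file(string $baseDir, $id): ?string
{
    // 1. Allowlist: exactly 21 letters/digits, as generated at sign-up.
    //    Rejects arrays (a[]=x), "..", "/", NUL bytes and oversized values.
    if (!is_string($id) || preg_match('/\A[A-Za-z0-9]{21}\z/', $id) !== 1) {
        return null;
    }
    // 2. Containment: canonicalise and confirm the result is still under
    //    $baseDir (this also catches symlinks placed inside the directory).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $id);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function greet(string $baseDir, $cookieValue): string
{
    $file = resolve_user_file($baseDir, $cookieValue);
    if ($file === null) {
        return 'Not logged in';
    }
    $fields = explode('|', file_get_contents($file));
    // The stored name came from a form too, so escape it on output.
    return 'Hello: ' . htmlspecialchars($fields[0], ENT_QUOTES, 'UTF-8');
}

// Constructed demo data in a temporary directory.
$dir = sys_get_temp_dir() . '/u_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
$id = 'abcdefghijklmnopqrstu';               // constructed 21-character ID
file_put_contents("$dir/$id", 'Shippou|game stats');

// Constructed inputs: one valid ID, then values a client could send instead.
$samples = [$id, '/etc/passwd', '../x', str_repeat('A', 200), ['x'], "abc\0def"];
foreach ($samples as $value) {
    echo json_encode($value, JSON_UNESCAPED_SLASHES), ' => ', greet($dir, $value), PHP_EOL;
}
unlink("$dir/$id");
rmdir($dir);
```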

 


#20 Shippou   Members   -  Reputation: 1471

Likes: 0

Posted 09 December 2013 - 10:13 PM

I have been working on the code, and here is the second generation :P

 After I tweak this, it will get turned into an actual login page !

<html>
<title>Landing Page</title>
<head></head>
<?php
include "sql.php";
$me =  $_SERVER['PHP_SELF'];
function check($v){
return isset($_POST[$v]);
}
function test($col,$val){
global $sql, $table; 
$tst = mysqli_query($sql,"SELECT ".$col." FROM ".$table." WHERE ".$col."='".$val."'");
if (mysqli_fetch_array($tst) ){
 return true;
}
else{
return false;
}
}
 function verify ($imp){
	 $imp1 = preg_replace('/[^A-Za-z0-9_]/', " ", trim($imp) );
	 if ($imp == $imp1){
	 return true;
	 }
	 else{
	 return false;
	 }
	}
function button ($txt,$set){
global $me;
 echo '<form action="' . $me . '" method="POST">
  <input type="submit" name="'.$txt.'" value="'.$set.'">
  </form>';
}
	
	if (isset($_COOKIE["ID"])){
	$result = mysqli_query($sql,"SELECT ID FROM ".$table." WHERE ID='".$_COOKIE["ID"]."'");
	if (mysqli_fetch_array($result)){
		$temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT Game_Name FROM ".$table." WHERE ID='".$_COOKIE["ID"]."'") );
		echo "Welcome " . $temp["Game_Name"] . " !<br>";
	}
	else{
	unset($_COOKIE["ID"]);
	}}
	
	if (!check("Sign_Up")  and !check("Sign_In") and !check("Su_User_Name") and !check("Si_User_Name")){
	echo "<center><b>Welcome! Please sign in or sign up !<br></b></ceter>";
	button("Sign_In","Sign In");
	button("Sign_Up","Sign Up");
	}
	
	if (check("Sign_In") ) {
echo '<center><b>Please sign in here.</b></cemter><br><form action="' . $me . '" method="POST">
<br>User Name: <input type="text" name="Si_User_Name">&nbsp;
  Password: <input type="text" name="Si_Password">&nbsp;
  <button type="submit">Submit !</button>
  </form><br>';
	}
	
	if (check("Sign_Up") ) {
	echo '<center><b>Please do not use special characters.<br>Letters, numbers and _ allowed.<br>Lenght must be longer than 4 characters.<br></b></center><form action="' . $me . '" method="POST">
<br>User Name: <input type="text" name="Su_User_Name">&nbsp;
  Game Name: <input type="text" name="Su_Game_Name"> &nbsp;
  Password: <input type="text" name="Su_Password">&nbsp;
  <button type="submit">Submit !</button>
  </form><br>';
	}
	
	if (check("Su_User_Name") and check("Su_Game_Name") and check("Su_Password") ){
     if (!verify($_POST["Su_User_Name"]) or !verify($_POST["Su_Game_Name"]) or !verify($_POST["Su_Password"]) or strlen($_POST["Su_User_Name"]) < 5 or strlen($_POST["Su_Game_Name"]) < 5 or strlen($_POST["Su_Password"]) < 5 ) {
	  echo "<center><h3><b>Letters, numbers and _ only. Lenght must be greater than 4 characters.</b></h1><br>";
	  button("x","<-- Back");
	 }
	 else{
      if (test("Login_Name",$_POST["Su_User_Name"]) ){
	  echo "<center><b>User name taken.<br></b></center>";
	  button("x","<-- Back");
	  }
	  elseif(test("Game_Name",$_POST["Su_Game_Name"]) ){
	   echo "<center><b>Game name taken.<br></b></center>";
	   button("x","<-- Back");
	  }
	  else{
	  $x = "1234567890abcdefghijklmnopqrstuvwxyABCDEFGHIJKLMNOPQRSTUVWXYZ";
      $x2 = '';
		for ($i = 0; $i < 21; $i++) {
			$x2 .= $x[rand(0, strlen($x) - 1)];
	  }
	  mysqli_query($sql,"INSERT INTO ".$table." (Game_Name,Login_Name,Blarg,ID)VALUES('".$_POST["Su_Game_Name"]."','".$_POST["Su_User_Name"]."','" .$_POST["Su_Password"]."','".$x2."')");
	  echo "<center><b>Account created !<br></b></center>";
	  $temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT * FROM ".$table." WHERE ID='".$x2."'") );
      setcookie("ID",$temp["ID"], time()+3600);
	  button("x","<-- Back");
	  
	  }
	 }
	}
	
	if (check("Si_User_Name") and check("Si_Password") ) {
	$tmp1 = preg_replace('/[^A-Za-z0-9_]/', " ", trim($_POST["Si_User_Name"] ) );
	$tmp2 = preg_replace('/[^A-Za-z0-9_]/', " ", trim($_POST["Si_Password"] ) );
	  if (test("Login_Name",$tmp1) and test("Blarg",$tmp2) ){
	  echo "<center><b>Logged in !<br></b></center>";
	  $temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT * FROM ".$table." WHERE Login_Name='".$tmp1."'") );
      setcookie("ID",$temp["ID"], time()+3600);
	  button("x","<-- Back");
	  }
	  else{
	   echo "<center><b>Bad name or password. Please try again.<br></b></center>";
	   button("x","<-- Back");
	  }
	}

 ?>
</html>

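
For comparison with the sign-up and sign-in flow above, an added example (not the thread author's code) that addresses the two points raised earlier in the thread, plaintext passwords and user input ending up in an SQL command: every value reaches the database as a bound parameter and only a salted hash of the password is stored. It uses PDO with an in-memory SQLite database so that it runs stand-alone; the table name `players`, the column `Pw_Hash`, the 64-character upper bound and the function names are assumptions.

```php
<?php
// Added example, not the thread author's code. Table "players", column
// "Pw_Hash" and all function names are assumptions made for this sketch;
// the posted script uses mysqli and keeps the password in a column "Blarg".

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE players (
        Login_Name TEXT PRIMARY KEY, Game_Name TEXT UNIQUE,
        Pw_Hash TEXT NOT NULL, ID TEXT UNIQUE)');
    return $db;
}

function sign_up(PDO $db, string $login, string $game, string $password): bool
{
    // Names: letters, digits and _, longer than 4 characters (64 is an assumed cap).
    foreach ([$login, $game] as $name) {
        if (preg_match('/\A[A-Za-z0-9_]{5,64}\z/', $name) !== 1) {
            return false;
        }
    }
    if (strlen($password) < 5) {
        return false;   // no character allowlist needed: the password is only hashed
    }
    $stmt = $db->prepare('INSERT INTO players (Login_Name, Game_Name, Pw_Hash, ID)
                          VALUES (?, ?, ?, ?)');
    try {
        return $stmt->execute([$login, $game,
            password_hash($password, PASSWORD_DEFAULT),  // salted hash, never the password
            bin2hex(random_bytes(16))]);                 // ID from a CSPRNG, not rand()
    } catch (PDOException $e) {
        return false;   // UNIQUE violation: login or game name already taken
    }
}

/** Returns the account ID on success, null otherwise. */
function sign_in(PDO $db, string $login, string $password): ?string
{
    // One row, selected by login name; the password is verified against that row only.
    $stmt = $db->prepare('SELECT Pw_Hash, ID FROM players WHERE Login_Name = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Pw_Hash'])) {
        return null;
    }
    return $row['ID'];
}

// Constructed demo input; quote characters in a value are stored and compared as data.
$db = open_db();
var_dump(sign_up($db, 'alice_01', 'Alice_Game', 'it\'s "quoted"'));  // new account
var_dump(sign_up($db, 'alice_01', 'Other_Game', 'whatever1'));       // duplicate login name
var_dump(sign_in($db, 'alice_01', 'it\'s "quoted"') !== null);       // correct password
var_dump(sign_in($db, 'alice_01', 'wrong-password'));                // wrong password
var_dump(sign_in($db, "alice_01' --", 'it\'s "quoted"'));            // no such login name
```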


 





