Sign in to follow this  

Forcing Code To Work !

This topic is 1482 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

 Whenever I am doing a project, I have a tendency to add all the features I want, than some how force everything to work together. Later I go back to streamline the code ( sometimes even I have problems reading it ).

 This often times produces interesting "raw" code.

 

 I present to you, the raw code I produced for a login page ( and it all works ) !

<html>
<title>Landing Page</title>
<head></head>
<?php
if (isset($_COOKIE["a"])){
	if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}
	if (!file_exists("u/".$_COOKIE["a"]) ){
	unset($_COOKIE["a"]);
	}
}
 if (isset($_POST["su"]) ){
  echo "Make sure you fill in everything, and you use more than 4 characters.<br>";
  echo '
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
  ';
 }
 else {
 if (isset($_POST["gn"]) && isset($_POST["un"]) && isset($_POST["pw"]) ){
  if ( trim($_POST["gn"])!= "" && trim($_POST["un"])!= "" && trim($_POST["pw"])!= "" && strlen($_POST["gn"]) > 4 && strlen($_POST["un"]) > 4 && strlen($_POST["pw"]) > 4 ) {
  $_POST["si"] = " bla ";
  if (!file_exists("p") ){
   mkdir("p", 0, true);
  }
  if (file_exists("p/".$_POST["gn"]) ){
   echo 'Name Taken</br>
   <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="su" value="Sign Up">
  </form>
   ';
  }
  elseif(!file_exists("p/".$_POST["un"]) ){
  $x = "1234567890abcdefghijklmnopqrstuvwxyABCDEFGHIJKLMNOPQRSTUVWXYZ";
  $x2 = '';
 for ($i = 0; $i < 21; $i++) {
      $x2 .= $x[rand(0, strlen($x) - 1)];
	  }
   $fh = fopen("p/".$_POST["un"], 'w');
   // game name | password | user ID
   fwrite($fh,$_POST["gn"]."|".$_POST["pw"]."|".$x2);
   fclose($fh); 
   if (!file_exists("u") ){
   mkdir("u", 0, true);
   }
   $fh = fopen("u/".$x2, 'w');
   fwrite($fh,$_POST["gn"]."|". "This is were game stats go");
   fclose($fh); 
   unset($_POST["su"]);
   unset($_POST["gn"]);
   unset($_POST["un"]);
   unset($_POST["pw"]);
   echo 'Account created: Please log in.<br>
   <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="x" value="Log In">
  </form>
   ';
 }}
  else{
  $_POST["su"] = " bla ";
  echo '<center><h1>Information Rejected - Please Try Again !</h1><br> Do not resend information.<br></center>
    <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="su" value="Sign Up">
  </form>
  ';
  }
 }
 if (isset($_POST["a"]) && isset($_POST["b"]) ){
    
	if (file_exists("p/".$_POST["a"]) && trim($_POST["a"] != "") ){
	$uf = file_get_contents("p/".$_POST["a"]);
	// game name | password | user ID
	$uf2 = explode("|", $uf);
	if ($uf2[1] == trim($_POST["b"])){
	setcookie("a", $uf2[2], time()+3600);
	echo 'Welcome: '. $uf2[0]. '
	<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    <input type="submit" name="x" value=" Not Programmed In Yet ">
    </form>
	';
	}
	elseif ($uf2[1] != trim($_POST["b"])){
	echo 'Nope!<br>
	<form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    <input type="submit" name="x" value=" <-- Back ">
    </form>
	';
	}
	}
	elseif (!file_exists("p/".$_POST["a"] || trim($_POST["a"] == "")) ){
	unset($_POST["a"]);
	unset($_POST["b"]);
	echo 'Does Not Exist<br>
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="x" value=" <-- Back ">
  </form>
	';
	}
    }
elseif (!isset($_POST["su"]) && !isset($_POST["si"]) ) {
 echo '<form action="' . $_SERVER['PHP_SELF'] . '" method="POST" onsubmit=" ">
<br>
  User Name: <input type="text" name="a" maxlength="12">
  Password: <input type="text" name="b" maxlength="12">
  <button type="submit">Submit !</button>
  </form><br>
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
  <input type="submit" name="su" value="Sign Up">
  </form>
  ';
   }
 }
 
 ?>
</html>

Share this post


Link to post
Share on other sites

Mph. That made me uncomfortable but I guess it's just PHP? :P

Edited by Krohm

Share this post


Link to post
Share on other sites

You do know you can close your php tags and re-open them so you don't have to worry about echo-ing mark-up, right?

<?php
if(something)
{
?>
<p>Printing this because of <?php echo $valueOfSomething; ?></p>
<?php
} else
{
?>
<p>Printing this as our else paragraph.</p>
<?php
}
?>

Share this post


Link to post
Share on other sites

 

You do know you can close your php tags and re-open them so you don't have to worry about echo-ing mark-up, right?

 

 

 All the forms and text fields on the page are only to appear if a certain $_POST or $_COOKIE condition is true tongue.png

if (isset($_POST["su"]) ){
  echo "Make sure you fill in everything, and you use more than 4 characters.<br>";
  echo '
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
  ';
 }

Share this post


Link to post
Share on other sites
if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}
	if (!file_exists("u/".$_COOKIE["a"]) ){
	unset($_COOKIE["a"]);
	}

If exists.

If !exists.laugh.png

Share this post


Link to post
Share on other sites

 

 

You do know you can close your php tags and re-open them so you don't have to worry about echo-ing mark-up, right?

 

 

 All the forms and text fields on the page are only to appear if a certain $_POST or $_COOKIE condition is true tongue.png

if (isset($_POST["su"]) ){
  echo "Make sure you fill in everything, and you use more than 4 characters.<br>";
  echo '
  <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
  ';
 }

 

That's what I am talking about. You can close the php tag after the opening if brace ( { ) and re-open the php tag after. That way you are not worrying about echo commands, which quotes to use or escape, etc. It will still be within the conditional and only be printed/sent to the client if that condition is true.

Share this post


Link to post
Share on other sites
if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}
	if (!file_exists("u/".$_COOKIE["a"]) ){
	unset($_COOKIE["a"]);
	}

If exists.

If !exists.laugh.png

 

 

Wouldn't expect PHP to pertain to standard logics laugh.png

 

As for the premise of this article - getting something to work though ugly can be a good or bad thing. You need to find a balance where it actually helps laying the foundations for a more solid solution rather than leading to redundant work or bad code. Some programmers with a "fix it later" attitude take it as an excuse for poor code and end up causing more work than necessary because their code must always be rewritten by someone else who could have written it properly immediately in the first place in similar time.

 

Of course, there are occasions where throwaway/"write only" code is acceptable (usually in leaf parts of a system). Still, not doing your worst pays off due to how much easier bugs become to find.

Edited by Petter Hansson

Share this post


Link to post
Share on other sites

You can also use this syntax:

<?php if($condition) : ?>
Hello
<?php endif; ?>

Same for all control flow statements. It's easier to keep track of than using braces imo.

Edited by froop

Share this post


Link to post
Share on other sites

This code is awesome, it allows me to overwrite all files on your server that the php process has rights on.

Share this post


Link to post
Share on other sites

This code is awesome, it allows me to overwrite all files on your server that the php process has rights on.

 If you can do that in 12 characters, I would like to see it.

 <form action="' . $_SERVER['PHP_SELF'] . '" method="POST">
    Game Name: <input type="text" name="gn" maxlength="12"><br>
	User Name: <input type="text" name="un" maxlength="12"><br>
    Password : <input type="text" name="pw" maxlength="12"><br>
	<button type="submit">Submit !</button><br>
  </form>
Edited by Shippou

Share this post


Link to post
Share on other sites

 

This code is awesome, it allows me to overwrite all files on your server that the php process has rights on.

 If you can do that in 12 characters, I would like to see it.

 

Err... you are aware that this is just a hint to the browser, right? Nothing prevents one from posting 200 characters when you make an input field 12 characters. Apache or PHP don't care either, as long as you don't exceed the maximum post size which is something around 4 kilobytes by default (or maybe more in the mean time, used to be 4kb in the 1990s... probably is something like 256k nowadays).

Edited by samoth

Share this post


Link to post
Share on other sites

I did not realize that ... The size limit for PHP $_POST is 8mb by default  ( which is handy for loading maps into JavaScript ).

Share this post


Link to post
Share on other sites


You should always, no exceptions, assume that anything that comes from the user is malicious, and never, no exceptions use any user input without validating it and making sure that there is no way, even theoretically, that it could be abused, and you should never, no exceptions, let the user choose such a thing as a filename, a script name, a command to execute, or a table name or a SQL command. Even if validated, this is still a possible danger since you might forget one special case.



There is no such thing as harmless user input.

 

This.

Share this post


Link to post
Share on other sites

Just wanted to add, in case that is also not clear, cookie data is also not safe, its easy to modify,

so i could very easily go into the following code branch and let your server give me any file the php process has access to.

if (file_exists("u/".$_COOKIE["a"]) ){
	$co = file_get_contents("u/".$_COOKIE["a"]);
	$co2 = explode("|", $co);
	echo "Hello: " . $co2[0] . "<br>";
	}

Share this post


Link to post
Share on other sites

I have been working on the code, and here is the second generation tongue.png

 After I tweak this, It will get turned into an actual login page !

<html>
<title>Landing Page</title>
<head></head>
<?php
include "sql.php";
$me =  $_SERVER['PHP_SELF'];
function check($v){
return isset($_POST[$v]);
}
function test($col,$val){
global $sql, $table; 
$tst = mysqli_query($sql,"SELECT ".$col." FROM ".$table." WHERE ".$col."='".$val."'");
if (mysqli_fetch_array($tst) ){
 return true;
}
else{
return false;
}
}
 function verify ($imp){
	 $imp1 = preg_replace('/[^A-Za-z0-9_]/', " ", trim($imp) );
	 if ($imp == $imp1){
	 return true;
	 }
	 else{
	 return false;
	 }
	}
function button ($txt,$set){
global $me;
 echo '<form action="' . $me . '" method="POST">
  <input type="submit" name="'.$txt.'" value="'.$set.'">
  </form>';
}
	
	if (isset($_COOKIE["ID"])){
	$result = mysqli_query($sql,"SELECT ID FROM ".$table." WHERE ID='".$_COOKIE["ID"]."'");
	if (mysqli_fetch_array($result)){
		$temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT Game_Name FROM ".$table." WHERE ID='".$_COOKIE["ID"]."'") );
		echo "Welcome " . $temp["Game_Name"] . " !<br>";
	}
	else{
	unset($_COOKIE["ID"]);
	}}
	
	if (!check("Sign_Up")  and !check("Sign_In") and !check("Su_User_Name") and !check("Si_User_Name")){
	echo "<center><b>Welcome! Please sign in or sign up !<br></b></ceter>";
	button("Sign_In","Sign In");
	button("Sign_Up","Sign Up");
	}
	
	if (check("Sign_In") ) {
echo '<center><b>Please sign in here.</b></cemter><br><form action="' . $me . '" method="POST">
<br>User Name: <input type="text" name="Si_User_Name">&nbsp;
  Password: <input type="text" name="Si_Password">&nbsp;
  <button type="submit">Submit !</button>
  </form><br>';
	}
	
	if (check("Sign_Up") ) {
	echo '<center><b>Please do not use special characters.<br>Letters, numbers and _ allowed.<br>Lenght must be longer than 4 characters.<br></b></center><form action="' . $me . '" method="POST">
<br>User Name: <input type="text" name="Su_User_Name">&nbsp;
  Game Name: <input type="text" name="Su_Game_Name"> &nbsp;
  Password: <input type="text" name="Su_Password">&nbsp;
  <button type="submit">Submit !</button>
  </form><br>';
	}
	
	if (check("Su_User_Name") and check("Su_Game_Name") and check("Su_Password") ){
     if (!verify($_POST["Su_User_Name"]) or !verify($_POST["Su_Game_Name"]) or !verify($_POST["Su_Password"]) or strlen($_POST["Su_User_Name"]) < 5 or strlen($_POST["Su_Game_Name"]) < 5 or strlen($_POST["Su_Password"]) < 5 ) {
	  echo "<center><h3><b>Letters, numbers and _ only. Lenght must be greater than 4 characters.</b></h1><br>";
	  button("x","<-- Back");
	 }
	 else{
      if (test("Login_Name",$_POST["Su_User_Name"]) ){
	  echo "<center><b>User name taken.<br></b></center>";
	  button("x","<-- Back");
	  }
	  elseif(test("Game_Name",$_POST["Su_Game_Name"]) ){
	   echo "<center><b>Game name taken.<br></b></center>";
	   button("x","<-- Back");
	  }
	  else{
	  $x = "1234567890abcdefghijklmnopqrstuvwxyABCDEFGHIJKLMNOPQRSTUVWXYZ";
      $x2 = '';
		for ($i = 0; $i < 21; $i++) {
			$x2 .= $x[rand(0, strlen($x) - 1)];
	  }
	  mysqli_query($sql,"INSERT INTO ".$table." (Game_Name,Login_Name,Blarg,ID)VALUES('".$_POST["Su_Game_Name"]."','".$_POST["Su_User_Name"]."','" .$_POST["Su_Password"]."','".$x2."')");
	  echo "<center><b>Account created !<br></b></center>";
	  $temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT * FROM ".$table." WHERE ID='".$x2."'") );
      setcookie("ID",$temp["ID"], time()+3600);
	  button("x","<-- Back");
	  
	  }
	 }
	}
	
	if (check("Si_User_Name") and check("Si_Password") ) {
	$tmp1 = preg_replace('/[^A-Za-z0-9_]/', " ", trim($_POST["Si_User_Name"] ) );
	$tmp2 = preg_replace('/[^A-Za-z0-9_]/', " ", trim($_POST["Si_Password"] ) );
	  if (test("Login_Name",$tmp1) and test("Blarg",$tmp2) ){
	  echo "<center><b>Logged in !<br></b></center>";
	  $temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT * FROM ".$table." WHERE Login_Name='".$tmp1."'") );
      setcookie("ID",$temp["ID"], time()+3600);
	  button("x","<-- Back");
	  }
	  else{
	   echo "<center><b>Bad name or password. Please try again.<br></b></center>";
	   button("x","<-- Back");
	  }
	}

 ?>
</html>

Share this post


Link to post
Share on other sites

If I disallow spaces, that shouldn't be an issue, correct ?

 

Edit: all special characters are stripped in this version of the code.

Edited by Shippou

Share this post


Link to post
Share on other sites

Just use mysqli_real_escape_string or prepared statements,

"trim"ing values is not enough.

 

As already mentioned cookies are not save either, in the following parts of your code you have no checks at all.

// sql injection
$result = mysqli_query($sql,"SELECT ID FROM ".$table." WHERE ID='".$_COOKIE["ID"]."'");

// sql injection
$temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT Game_Name FROM ".$table." WHERE ID='".$_COOKIE["ID"]."'") );

Share this post


Link to post
Share on other sites

This version strips all special characters from all input ...

<html>
<title>Login Page</title>
<head>
	<style type="text/css">
	body {
        text-align:center;
	     }
	</style>
</head>
<?php
include "sql.php";
$me =  $_SERVER['PHP_SELF'];

function check($v){
return isset($_POST[$v]);
}

function strip ($str){
return preg_replace('/[^A-Za-z0-9_]/', " ", trim($str) );
}

function test($col,$val){
global $sql, $table; 
$tst = mysqli_query($sql,"SELECT ".$col." FROM ".$table." WHERE ".$col."='".$val."'");
if (mysqli_fetch_array($tst) ){
 return true;
}
else{
return false;
}}

 function verify ($imp){
	 $imp1 = strip($imp);
	 if ($imp == $imp1){
	 return true;
	 }
	 else{
	 return false;
	 }}
	 
function button ($txt,$set){
global $me;
 echo '<form action="' . $me . '" method="POST">
  <input type="submit" name="'.$txt.'" value="'.$set.'">
  </form>';
}
// End Of Declarationns 	
	if (isset($_COOKIE["ID"])){
	$result = mysqli_query($sql,"SELECT ID FROM ".$table." WHERE ID='".strip($_COOKIE["ID"])."'");
	if (mysqli_fetch_array($result)){
		$temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT Game_Name FROM ".$table." WHERE ID='".strip($_COOKIE["ID"])."'") );
		echo "Welcome " . $temp["Game_Name"] . " !<br>";
	}
	else{
	unset($_COOKIE["ID"]);
	}}
	
	if (!check("Sign_Up")  and !check("Sign_In") and !check("Su_User_Name") and !check("Si_User_Name")){
	echo "<b>Welcome! Please sign in or sign up !<br></b></ceter>";
	button("Sign_In","Sign In");
	button("Sign_Up","Sign Up");
	}
	
	if (check("Sign_In") ) {
echo '<b>Please sign in here.</b></cemter><br><form action="' . $me . '" method="POST">
<br>User Name: <input type="text" name="Si_User_Name">&nbsp;
  Password: <input type="text" name="Si_Password">&nbsp;
  <button type="submit">Submit !</button>
  </form><br>';
	}
	
	if (check("Sign_Up") ) {
	echo '<b>Please do not use special characters.<br>Letters, numbers and _ allowed.<br>Lenght must be longer than 4 characters.<br></b><form action="' . $me . '" method="POST">
<br>User Name: <input type="text" name="Su_User_Name">&nbsp;
  Game Name: <input type="text" name="Su_Game_Name"> &nbsp;
  Password: <input type="text" name="Su_Password">&nbsp;
  <button type="submit">Submit !</button>
  </form><br>';
	}
	
	if (check("Su_User_Name") and check("Su_Game_Name") and check("Su_Password") ){
     if (!verify($_POST["Su_User_Name"]) or !verify($_POST["Su_Game_Name"]) or !verify($_POST["Su_Password"]) or strlen($_POST["Su_User_Name"]) < 5 or strlen($_POST["Su_Game_Name"]) < 5 or strlen($_POST["Su_Password"]) < 5 ) {
	  echo "<h3><b>Letters, numbers and _ only. Lenght must be greater than 4 characters.</b></h1><br>";
	  button("x","<-- Back");
	 }
	 else{
      if (test("Login_Name",$_POST["Su_User_Name"]) ){
	  echo "<b>User name taken.<br></b>";
	  button("x","<-- Back");
	  }
	  elseif(test("Game_Name",$_POST["Su_Game_Name"]) ){
	   echo "<b>Game name taken.<br></b>";
	   button("x","<-- Back");
	  }
	  else{
	  $x = "1234567890abcdefghijklmnopqrstuvwxyABCDEFGHIJKLMNOPQRSTUVWXYZ";
      $x2 = '';
		for ($i = 0; $i < 21; $i++) {
			$x2 .= $x[rand(0, strlen($x) - 1)];
	  }
	  mysqli_query($sql,"INSERT INTO ".$table." (Game_Name,Login_Name,Blarg,ID)VALUES('".$_POST["Su_Game_Name"]."','".$_POST["Su_User_Name"]."','" .$_POST["Su_Password"]."','".$x2."')");
	  echo "<b>Account created !<br></b>";
	  $temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT * FROM ".$table." WHERE ID='".$x2."'") );
      setcookie("ID",$temp["ID"], time()+3600);
	  button("x","<-- Back");
	  
	  }
	 }
	}
	
	if (check("Si_User_Name") and check("Si_Password") ) {
	$tmp1 = strip($_POST["Si_User_Name"]);
	$tmp2 = strip($_POST["Si_Password"]);
	  if (test("Login_Name",$tmp1) and test("Blarg",$tmp2) ){
	  echo "<b>Logged in !<br></b>";
	  $temp = mysqli_fetch_assoc(mysqli_query($sql,"SELECT * FROM ".$table." WHERE Login_Name='".$tmp1."'") );
      setcookie("ID",$temp["ID"], time()+3600);
	  button("x","<-- Back");
	  }
	  else{
	   echo "<b>Bad name or password. Please try again.<br></b>";
	   button("x","<-- Back");
	  }
	}

 ?>
</html>

Share this post


Link to post
Share on other sites

Ah yes, I had to use many different libraries for making a game engine, and had to work with all sorts of strange libraries that don't always go together. For science!

Share this post


Link to post
Share on other sites
Sign in to follow this