thinkingforward Posted October 9, 2009 Posted October 9, 2009 Hi there, this isn't really oscommerce related, but I need a little advice with the code on a sendquote.php form. Basically one of my accounts have just been suspended due to an injection within the following php code: <?php include('./class.quote.php'); $quote = new quote(); //POST ITEMS $type = mysql_real_escape_string($_POST['granite']); $shape = $_POST['shape']; if(is_numeric($_POST['1'])){ $size1 = $_POST['1']; }else{ $error[] = 'Size 1 Input must be Numeric';} if(is_numeric($_POST['2'])){ $size2 = $_POST['2']; }else{ $error[] = 'Size 2 Input must be Numeric';} $size3 = $_POST['3']; $size4 = $_POST['4']; $size5 = $_POST['5']; $size6 = $_POST['6']; if(is_numeric($_POST['polcut'])){ $polcut = $_POST['polcut']; }else{ $error[]='Polished Cut Out Input must be Numeric';} if(is_numeric($_POST['unpolcut'])){ $unpolcut = $_POST['unpolcut']; }else{ $error[]='UnPolished Cut Out Input must be Numeric';} if(is_numeric($_POST['drainer'])){ $drainer = $_POST['drainer']; }else{ $error[]='Drainer Input must be Numeric';} if(is_numeric($_POST['taphole'])){ $taphole = $_POST['taphole']; }else{ $error[]='Taphole Input must be Numeric';} if(is_numeric($_POST['hobcut'])){ $hobcut = $_POST['hobcut']; }else{ $error[]='Hobcut Input must be Numeric';} if(is_numeric($_POST['radius'])){ $radius = $_POST['radius']; }else{ $error[]='Radius Input must be Numeric';} if(is_numeric($_POST['fullarch'])){ $fullarch = $_POST['fullarch']; }else{ $error[]='Fullarch Input must be Numeric';} if(is_numeric($_POST['upstands'])){ $upstands = $_POST['upstands']; }else{ $error[]='Upstands Input must be Numeric';} if(is_numeric($_POST['bevel'])){ $bevel = $_POST['bevel']; }else{ $error[]='Bevel Input must be Numeric';} if(is_numeric($_POST['pencil'])){ $pencil = $_POST['pencil']; }else{ $error[]='Pencil Input must be Numeric';} if(is_numeric($_POST['bullnose'])){ $bullnose = $_POST['bullnose']; }else{ $error[]='Bullnose Input must be Numeric';} if(is_numeric($_POST['builtup'])){ $builtup = $_POST['builtup']; }else{ $error[] = 'Builtup Input must be Numeric';} if(is_numeric($_POST['ogee'])){ $ogee = $_POST['ogee']; }else{ $error[] = 'Ogee Input must be Numeric';} if($_POST['installation'] == 'on'){ $install = 1; } if(!empty($_POST['firstname'])){ $firstname = $_POST['firstname'];}else{ $error[] = 'Name Must be set'; } if(!empty($_POST['lastname'])){ $lastname = $_POST['lastname'];}else{ $error[] = 'Last Name Must be set'; } if(!empty($_POST['email'])){ $email = $_POST['email'];}else{ $error[] = 'Email Must be set'; } if(!empty($_POST['phone'])){ $phone = $_POST['phone'];}else{ $error[] = 'Phone Must be set'; } $address = $_POST['address']; $postcode = $_POST['postcode']; $message = $_POST['message']; $submit = $_POST['submit']; //END POST ITEMS if(isset($submit)){ $quote->SetGranite($type); $quote->SetSizes($shape, $size1, $size2, $size3, $size4, $size5); $quote->CalculateM2(); $quote->CalculatePrice(); $quote->AddItem('35', $upstands); $quote->AddItem('29', $polcut); $quote->AddItem('31', $unpolcut); $quote->AddItem('30', $drainer); $quote->AddItem('32', $taphole); $quote->AddItem('33', $radius); $quote->AddItem('30', $drainer); $quote->AddItem('34', $fullarch); $quote->AddItem('24', $bevel); $quote->AddItem('30', $drainer); $quote->AddItem('25', $pencil); $quote->AddItem('26', $bullnose); $quote->AddItem('28', $builtup); $quote->AddItem('38', $hobcut); $quote->AddItem('27', $ogee); $quote->AddItem('39', $install); if(empty($error)){ if($install == 1){ $install = 'yes'; } $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'To: Website Enquiry <emailhere>' . "\r\n"; $headers .= 'From: Website Enquiry <emailhere>' . "\r\n"; $q = mysql_query("SELECT * FROM pricelist WHERE code = '" . $type . "'"); while($row = mysql_fetch_array($q)){ $type = $row['description']; } $msg = 'Selected Granite - ' . $type . '<br/>'; $msg .= 'Selected Shape - ' . $shape . '<br/>'; $msg .= 'Size 1 - ' . $size1 . '<br/>'; $msg .= 'Size 2 - ' . $size2 . '<br/>'; $msg .= 'Size 3 - ' . $size3 . '<br/>'; $msg .= 'Size 4 - ' . $size4 . '<br/>'; $msg .= 'Size 5 - ' . $size5 . '<br/>'; $msg .= 'Size 6 - ' . $size6 . '<br/>'; if($shape == 'l'){ $size1 = $size1 / 1000; $size2 = $size2 / 1000; $size3 = $size3 / 1000; $size4 = $size4 / 1000; $msg .= 'Section A - ' . $size1 * $size2 . 'm2<br/>'; $msg .= 'Section B - ' . $size3 * $size4 . 'm2<br/>'; } if($shape == 'u'){ $size1 = $size1 / 1000; $size2 = $size2 / 1000; $size3 = $size3 / 1000; $size4 = $size4 / 1000; $size5 = $size5 / 1000; $size6 = $size6 / 1000; $msg .= 'Section A - ' . $size1 * $size2 . 'm2<br/>'; $msg .= 'Section B - ' . $size3 * $size4 . 'm2<br/>'; $msg .= 'Section C - ' . $size5 * $size6 . 'm2<br/>'; } //$msg .= 'Total:' . $quote->m2 . 'm2<br/><br/>'; $msg .= 'Polished Cut Outs - ' . $polcut . '<br/>'; $msg .= 'Unpolished Cut Outs - ' . $unpolcut . '<br/>'; $msg .= 'Drainer - ' . $drainer . '<br/>'; $msg .= 'Tapholes - ' . $taphole . '<br/>'; $msg .= 'Hob Cut Outs - ' . $hobcut . '<br/>'; $msg .= 'Radius Ends - ' . $radius . '<br/>'; $msg .= 'Full Arch - ' . $fullarch . '<br/>'; $msg .= 'Upstands - ' . $upstands . '<br/>'; $msg .= 'Bevel - ' . $bevel . '<br/>'; $msg .= 'Pencil - ' . $pencil . '<br/>'; $msg .= 'Bullnose - ' . $bullnose . '<br/>'; $msg .= 'Builtup - ' . $builtup . '<br/>'; $msg .= 'Ogee - ' . $ogee . '<br/>'; $msg .= 'Installation - ' . $install . '<br/>'; $msg .= 'First Name - ' . $firstname . '<br/>'; $msg .= 'Last Name - ' . $lastname . '<br/>'; $msg .= 'Email - ' . $email . '<br/>'; $msg .= 'Phone - ' . $phone . '<br/>'; $msg .= 'Address - ' . $address . '<br/>'; $msg .= 'Postcode - ' . $postcode . '<br/>'; $msg .= 'Message - ' . $message . '<br/><br/><br/>'; $msg .= 'Estimated Price - £' . number_format($quote->price,2) . '<br/>'; if(mail(emailhere', 'Quote for Granite Worktop', $msg, $headers)){ echo 'Success, We have received your enquiry!'; }; }else{ echo '<p>Sorry, you had errors in your form submission, please go back and try again.</p>'; foreach($error as $key=>$value){ echo $value . '<br/>'; } echo '<p><A HREF="javascript:history.go(-1)">Click Here</A> To Go Back</p>'; } } ?> Again, sorry for asking a non oscommerce question, but I know a lot of you are very php savvy and may know the necessary steps to secure the above. Kind regards, Chris
p2409 Posted October 10, 2009 Posted October 10, 2009 Read up on a) SQL injection B) interference with mail headers c) Pay someone to look at it for you. Given the quality of the code, I think option c) would be best. OSC User Definitions "I can add modules to OSC" = I can search, cut and paste. But not well, or I wouldn't be here. "I start my posting with 'works like a charm' = I'm letting you down gently, nothing works and I have no idea why "I finish postings with "plzzzz....hlp" = My installation is buggered and I know I'm going to have to pay someone, but I really, really don't want to.
thinkingforward Posted October 10, 2009 Author Posted October 10, 2009 thanks, here is the contents of the quote.php should anyone need it <?php mysql_connect("localhost", "nrylgbf_osc1", "thinkfrpw89") or die(mysql_error()); mysql_select_db("nrylgbf_granite") or die(mysql_error()); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <link href="stylesheetform.css" rel="stylesheet" type="text/css" /><style type="text/css"> <style type="text/css"> #numbers { margin:0; padding:0; list-style:none; padding:10px; clear:both; } #numbers li { float:left; width:16%; } #numbers li input { width:45px; display:inline;} #sizes { list-style:none; margin:0; padding:0; clear:both; } #sizes li { float:left; width:33%; text-align:center; } #sizes li input { margin-lefT:auto; margin-right:auto;} body { font-size:11px; font-family:Arial; color:#999999; } input, label { display:block; } optgroup { font-family:Arial; } .third { width:30%; margin-left:10px; margin-right:10px; float:left; margin-bottom:5px; border:1px solid #666666; } input, textarea { border:1px solid #666666; margin-bottom:5px; padding:3px; font-size:10px; } fieldset { padding:0px 15px 15px 15px; margin-bottom:17px; display:block; background-color:white; } legend { padding-left:5px; padding-right:5px; margin-bottom:10px; } #installation { display:inline; border:none; margin-bottom:-2px;} .half { width:50%; float:left; } .half input { width:45px; clear:right; float:left; } .half label { width:170px; float:left; } .lhalf { width:50%; float:left; } #pricing p { font-size:22px; text-align:center; margin:0; padding-top:10px;} #price { color:green; font-weight:bold; width:200px;} .lhalf input { width:270px; } #submit { float:right; } .shape { border:none; } #image { width:170px; height:170px; border:1px solid #666666; float:right; } #pricing { width:100%; height:50px; background-image:url(./images/noteback.png); margin-bottom:20px; border:1px solid #666666; } #container { width:770px; margin-left:auto; margin-right:auto; margin-bottom:20px; } #sizes input { border:none; } #form { margin-bottom:200px; width:750px; margin-left:10px; margin-right:auto; color:#999999; font-size:10px;} a:link { text-decoration: none; } a:visited { text-decoration: none; } a:hover { text-decoration: none; } a:active { text-decoration: none; } </style> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript" charset="utf-8"></script> <title>Granite</title> <script type="text/javascript"> jQuery(document).ready(function() { $('#calc').click(function() { $('#price').fadeOut("fast").empty(); var one = $('#1').val(); var two = $('#2').val(); var three = $('#3').val(); var four = $('#4').val(); var five = $('#5').val(); var six = $('#6').val(); var shape = $("[name=shape]:checked").val(); var granite = $("#granite :selected").val(); var submit = $('#submit').val(); var upstands = $('#upstands').val(); var polcut = $('#polcut').val(); var unpolcut = $('#unpolcut').val(); var drainer = $('#drainer').val(); var taphole = $('#taphole').val(); var hobcut = $('#hobcut').val(); var radius = $('#radius').val(); var fullarch = $('#fullarch').val(); var bevel = $('#bevel').val(); var pencil = $('#pencil').val(); var ogee = $('#ogee').val(); var bullnose = $('#bullnose').val(); var builtup = $('#builtup').val(); var install = $('#installation:checked').val(); $.ajax({ url: 'processor.php', type: 'POST', data: 'installation=' + install + '&6=' + six + '&1=' + one + '&2=' + two + '&3=' + three + '&4=' + four + '&5=' + five + '&shape=' + shape + '&granite=' + granite + '&submit=' + submit + '&upstands=' + upstands + '&polcut=' + polcut + '&unpolcut=' + unpolcut + '&drainer=' + drainer + '&taphole=' + taphole + '&hobcut=' + hobcut + '&radius=' + radius + '&fullarch=' + fullarch + '&bevel=' + bevel + '&pencil=' + pencil + '&ogee=' + ogee + '&bullnose=' + bullnose + '&builtup=' + builtup, success: function(result) { $('#price').append(result).fadeIn(400); } }); return false; }); $("#granite").change(function(){ var c = $('select#granite:checked').val(); var title = $("#granite :selected").val(); $('#img').attr('src', './images/' + title + '.jpg'); $("#calc").click(); }); $(".pricing").change(function() { $("#calc").click(); }); }); </script> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /></head> <body> <body link="#000000"> <div id="content"> <div id="heading"><img src="header.jpg" width="775" height="250" alt="Granite" /></div> <div id="home"> <div align="center"><a href="index.html" target="_self">Home</a></div> </div> <div id="services"> <div align="center"><a href="services.html" target="_self">Services</a></div> </div> <div id="prices"> <div align="center"><a href="prices.html" target="_self">Prices</a></div> </div> <div id="Quote"> <div align="center"><a href="quote.html" target="_self">Quote</a></div> </div> <div id="repairs"> <div align="center"><a href="http://www.graniterepairs.co.uk" target="_blank">Repairs</a></div> </div> <div id="gallery"> <div align="center"><a href="samplepics.html" target="_self">Sample Pics</a></div> </div> <div id="contact"> <div align="center"><a href="mailto:emailk">Contact us</a></div> </div> <div id="quotebody"> <form id="form" action="./sendquote.php" method="POST"> <?php $query1 = mysql_query("SELECT * FROM pricelist WHERE `group` = 'granite1'"); $query2 = mysql_query("SELECT * FROM pricelist WHERE `group` = 'granite2'"); $query3 = mysql_query("SELECT * FROM pricelist WHERE `group` = 'granite3'"); $query4 = mysql_query("SELECT * FROM pricelist WHERE `group` = 'granite4'"); $query5 = mysql_query("SELECT * FROM pricelist WHERE `group` = 'granite5'"); $query6 = mysql_query("SELECT * FROM pricelist WHERE `group` = 'granite6'"); ?> <fieldset> <legend>Granite Type</legend> <select class="third" id="granite" name="granite" class="pricing" ><option title="select" id="select" value="select">Select Worktop</option><optgroup label="Group One"><?php while($row = mysql_fetch_array($query1)){ echo '<option value="' . $row['code'] . '">' . $row['description'] . '</option>';} ?></optgroup> <optgroup label="Group Two"><?php while($row = mysql_fetch_array($query2)){ echo '<option title="' . $row['code'] . '" value="' . $row['code'] . '">' . $row['description'] . '</option>';} ?></optgroup> <optgroup label="Group Three"><?php while($row = mysql_fetch_array($query3)){ echo '<option title="' . $row['code'] . '" value="' . $row['code'] . '">' . $row['description'] . '</option>';} ?></optgroup> <optgroup label="Group Four"><?php while($row = mysql_fetch_array($query4)){ echo '<option title="' . $row['code'] . '" value="' . $row['code'] . '">' . $row['description'] . '</option>';} ?></optgroup> <optgroup label="Group Five"><?php while($row = mysql_fetch_array($query5)){ echo '<option title="' . $row['code'] . '" value="' . $row['code'] . '">' . $row['description'] . '</option>';} ?></optgroup> <optgroup label="Group Six"><?php while($row = mysql_fetch_array($query6)){ echo '<option value="' . $row['code'] . '">' . $row['description'] . '</option>';} ?></optgroup> </select> <div id="image"><img src="./images/1.jpg" id="img" /></div> </fieldset> <fieldset> <legend>Sizes Required</legend> <font color="#000000">Please select your desired layout using the buttons below. If you require more than 1 layout, please send each layout as a separate quote. Alternatively, you can email us a drawing by clicking <a href="mailto:email">here</a></font>. <ul id="sizes"> <li><img src="./images/smallstraight.png" /></li> <li><img src="./images/smallu.png" /></li> <li><img src="./images/smalll.png" /></li> <li><input class="pricing" type="radio" name="shape" value="straight"></li> <li><input class="pricing" type="radio" name="shape" value="u" ></li> <li><input class="pricing" type="radio" name="shape" value="l" ></li> </ul> <ul id="numbers"> <li><b>1:</b> <input class="pricing" type="text" id="1" name="1"/> (mm)</li> <li><b>2:</b> <input class="pricing" type="text" id="2" name="2"/> (mm)</li> <li><b>3:</b> <input class="pricing" type="text" id="3" name="3"/> (mm)</li> <li><b>4:</b> <input class="pricing" type="text" id="4" name="4"/> (mm)</li> <li><b>5:</b> <input class="pricing" type="text" id="5" name="5"/> (mm)</li> <li><b>6:</b> <input class="pricing" type="text" id="6" name="6"/> (mm)</li> </ul> </fieldset> <fieldset> <legend>Polished Cutouts Required</legend> <div class="half"> <label class="inline" for="radius">No of Polished Cut Outs:</label><input class="pricing" type="text" name="polcut" value="0" id="polcut" /> <label class="inline" for="radius">No of Unpolished Cut Outs:</label><input class="pricing" type="text" name="unpolcut" value="0" id="unpolcut" /> <label class="inline" for="radius">Set of 5 Drainer Grooves:</label><input class="pricing" type="text" name="drainer" value="0" id="drainer" /> <label class="inline" for="taphole">No of Tap Holes:</label><input class="pricing" type="text" name="taphole" value="0" id="taphole" /> </div><div class="half"> <label class="inline" for="hobcut">No of Hob Cut Outs:</label><input class="pricing" type="text" name="hobcut" value="0" id="hobcut" /> <label class="inline" for="radius">No of Radius Ends:</label><input class="pricing" type="text" name="radius" value="0" id="radius" /> <label class="inline" for="radius">No of Full Archs:</label><input class="pricing" type="text" name="fullarch" value="0" id="fullarch" /> </div> </fieldset> <fieldset> <legend>Fabrication Work Required (charged per linear metre)</legend> <div class="half"> <label class="inline" for="upstands">Upstands Required (100mm):</label><input class="pricing" type="text" value="0" name="upstands" id="upstands" /> <label class="inline" for="bevel">Standard (Bevel) Polish</label><input class="pricing" type="text" value="0" name="bevel" id="bevel" /> <label class="inline" for="pencil">Pencil Round Polish</label><input class="pricing" type="text" value="0" name="pencil" id="pencil" /> </div><div class="half"> <label class="inline" for="ogee">Ogee</label><input type="text" class="pricing" name="ogee" value="0" id="ogee" /> <label class="inline" for="bullnose">Bullnose Polish</label><input class="pricing" type="text" value="0" name="bullnose" id="bullnose" /> <label class="inline" for="builtup">Built-up Edge 150mm</label><input class="pricing" type="text" value="0" name="builtup" id="builtup" /> </div> </fieldset> <fieldset> <legend>Installation & Template</legend> <input type="checkbox" id="installation" class="pricing" name="installation" /> Yes, I would like you to template and install this for me<br/> </fieldset> <div id="pricing"><p>Your Estimate for this Worktop is: <span id="price">£</span> Ex VAT<span id="calc">.</span></p></div> <fieldset> <legend>About You</legend> <div class="fields"> <div class="lhalf"> <label for="firstname">First Name:</label><input type="text" name="firstname" id="firstname" /> <label for="lastname">Last Name:</label><input type="text" name="lastname" id="lastname" /> <label for="email">Email Address:</label><input type="text" name="email" id="email" /> <label for="phone">Telephone:</label><input type="text" name="phone" id="phone" /> </div> <div class="lhalf"> <label for="address">Address:</label><input type="text" name="address" id="address" /> <label for="postcode">Postcode:</label><input type="text" name="postcode" id="postcode" /> <label for="message">Message:</label><textarea rows="3" cols="31" name="message" id="message"></textarea> </div> </div> </fieldset> <div style="clear:both;"></div> <input type="submit" name="submit" id="submit" value="Make Enquiry" /> </form><div style="clear:both;"></div> </div><div style="clear:both;"></div> </div><div style="clear:both;"></div>
thinkingforward Posted October 10, 2009 Author Posted October 10, 2009 oh i've changed my sql username and pass as I forgot to remove it from above post.
p2409 Posted October 22, 2009 Posted October 22, 2009 oh i've changed my sql username and pass as I forgot to remove it from above post. Get real. Noone's going to sort that out for you on this site. Stop wasting people's time. OSC User Definitions "I can add modules to OSC" = I can search, cut and paste. But not well, or I wouldn't be here. "I start my posting with 'works like a charm' = I'm letting you down gently, nothing works and I have no idea why "I finish postings with "plzzzz....hlp" = My installation is buggered and I know I'm going to have to pay someone, but I really, really don't want to.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.