my sendquote form has recently been used in an injection attack to gain access to my webserver. I had this coded by a 3rd party for me and was after a second opinion on whether it's secure or needs securing.
The code is as follows:
Code: Select all
<?php
include('./class.quote.php');
$quote = new quote();
//POST ITEMS
$type = mysql_real_escape_string($_POST['granite']);
$shape = $_POST['shape'];
if(is_numeric($_POST['1'])){ $size1 = $_POST['1']; }else{ $error[] = 'Size 1 Input must be Numeric';}
if(is_numeric($_POST['2'])){ $size2 = $_POST['2']; }else{ $error[] = 'Size 2 Input must be Numeric';}
$size3 = $_POST['3'];
$size4 = $_POST['4'];
$size5 = $_POST['5'];
$size6 = $_POST['6'];
if(is_numeric($_POST['polcut'])){ $polcut = $_POST['polcut']; }else{ $error[]='Polished Cut Out Input must be Numeric';}
if(is_numeric($_POST['unpolcut'])){ $unpolcut = $_POST['unpolcut']; }else{ $error[]='UnPolished Cut Out Input must be Numeric';}
if(is_numeric($_POST['drainer'])){ $drainer = $_POST['drainer']; }else{ $error[]='Drainer Input must be Numeric';}
if(is_numeric($_POST['taphole'])){ $taphole = $_POST['taphole']; }else{ $error[]='Taphole Input must be Numeric';}
if(is_numeric($_POST['hobcut'])){ $hobcut = $_POST['hobcut']; }else{ $error[]='Hobcut Input must be Numeric';}
if(is_numeric($_POST['radius'])){ $radius = $_POST['radius']; }else{ $error[]='Radius Input must be Numeric';}
if(is_numeric($_POST['fullarch'])){ $fullarch = $_POST['fullarch']; }else{ $error[]='Fullarch Input must be Numeric';}
if(is_numeric($_POST['upstands'])){ $upstands = $_POST['upstands']; }else{ $error[]='Upstands Input must be Numeric';}
if(is_numeric($_POST['bevel'])){ $bevel = $_POST['bevel']; }else{ $error[]='Bevel Input must be Numeric';}
if(is_numeric($_POST['pencil'])){ $pencil = $_POST['pencil']; }else{ $error[]='Pencil Input must be Numeric';}
if(is_numeric($_POST['bullnose'])){ $bullnose = $_POST['bullnose']; }else{ $error[]='Bullnose Input must be Numeric';}
if(is_numeric($_POST['builtup'])){ $builtup = $_POST['builtup']; }else{ $error[] = 'Builtup Input must be Numeric';}
if(is_numeric($_POST['ogee'])){ $ogee = $_POST['ogee']; }else{ $error[] = 'Ogee Input must be Numeric';}
if($_POST['installation'] == 'on'){ $install = 1; }
if(!empty($_POST['firstname'])){ $firstname = $_POST['firstname'];}else{ $error[] = 'Name Must be set'; }
if(!empty($_POST['lastname'])){ $lastname = $_POST['lastname'];}else{ $error[] = 'Last Name Must be set'; }
if(!empty($_POST['email'])){ $email = $_POST['email'];}else{ $error[] = 'Email Must be set'; }
if(!empty($_POST['phone'])){ $phone = $_POST['phone'];}else{ $error[] = 'Phone Must be set'; }
$address = $_POST['address'];
$postcode = $_POST['postcode'];
$message = $_POST['message'];
$submit = $_POST['submit'];
//END POST ITEMS
if(isset($submit)){
$quote->SetGranite($type);
$quote->SetSizes($shape, $size1, $size2, $size3, $size4, $size5);
$quote->CalculateM2();
$quote->CalculatePrice();
$quote->AddItem('35', $upstands);
$quote->AddItem('29', $polcut);
$quote->AddItem('31', $unpolcut);
$quote->AddItem('30', $drainer);
$quote->AddItem('32', $taphole);
$quote->AddItem('33', $radius);
$quote->AddItem('30', $drainer);
$quote->AddItem('34', $fullarch);
$quote->AddItem('24', $bevel);
$quote->AddItem('30', $drainer);
$quote->AddItem('25', $pencil);
$quote->AddItem('26', $bullnose);
$quote->AddItem('28', $builtup);
$quote->AddItem('38', $hobcut);
$quote->AddItem('27', $ogee);
$quote->AddItem('39', $install);
if(empty($error)){
if($install == 1){ $install = 'yes'; }
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'To: Website Enquiry <emailhere>' . "\r\n";
$headers .= 'From: Website Enquiry <emailhere>' . "\r\n";
$q = mysql_query("SELECT * FROM pricelist WHERE code = '" . $type . "'");
while($row = mysql_fetch_array($q)){
$type = $row['description'];
}
$msg = 'Selected Granite - ' . $type . '<br/>';
$msg .= 'Selected Shape - ' . $shape . '<br/>';
$msg .= 'Size 1 - ' . $size1 . '<br/>';
$msg .= 'Size 2 - ' . $size2 . '<br/>';
$msg .= 'Size 3 - ' . $size3 . '<br/>';
$msg .= 'Size 4 - ' . $size4 . '<br/>';
$msg .= 'Size 5 - ' . $size5 . '<br/>';
$msg .= 'Size 6 - ' . $size6 . '<br/>';
if($shape == 'l'){
$size1 = $size1 / 1000;
$size2 = $size2 / 1000;
$size3 = $size3 / 1000;
$size4 = $size4 / 1000;
$msg .= 'Section A - ' . $size1 * $size2 . 'm2<br/>';
$msg .= 'Section B - ' . $size3 * $size4 . 'm2<br/>';
}
if($shape == 'u'){
$size1 = $size1 / 1000;
$size2 = $size2 / 1000;
$size3 = $size3 / 1000;
$size4 = $size4 / 1000;
$size5 = $size5 / 1000;
$size6 = $size6 / 1000;
$msg .= 'Section A - ' . $size1 * $size2 . 'm2<br/>';
$msg .= 'Section B - ' . $size3 * $size4 . 'm2<br/>';
$msg .= 'Section C - ' . $size5 * $size6 . 'm2<br/>';
}
//$msg .= 'Total:' . $quote->m2 . 'm2<br/><br/>';
$msg .= 'Polished Cut Outs - ' . $polcut . '<br/>';
$msg .= 'Unpolished Cut Outs - ' . $unpolcut . '<br/>';
$msg .= 'Drainer - ' . $drainer . '<br/>';
$msg .= 'Tapholes - ' . $taphole . '<br/>';
$msg .= 'Hob Cut Outs - ' . $hobcut . '<br/>';
$msg .= 'Radius Ends - ' . $radius . '<br/>';
$msg .= 'Full Arch - ' . $fullarch . '<br/>';
$msg .= 'Upstands - ' . $upstands . '<br/>';
$msg .= 'Bevel - ' . $bevel . '<br/>';
$msg .= 'Pencil - ' . $pencil . '<br/>';
$msg .= 'Bullnose - ' . $bullnose . '<br/>';
$msg .= 'Builtup - ' . $builtup . '<br/>';
$msg .= 'Ogee - ' . $ogee . '<br/>';
$msg .= 'Installation - ' . $install . '<br/>';
$msg .= 'First Name - ' . $firstname . '<br/>';
$msg .= 'Last Name - ' . $lastname . '<br/>';
$msg .= 'Email - ' . $email . '<br/>';
$msg .= 'Phone - ' . $phone . '<br/>';
$msg .= 'Address - ' . $address . '<br/>';
$msg .= 'Postcode - ' . $postcode . '<br/>';
$msg .= 'Message - ' . $message . '<br/><br/><br/>';
$msg .= 'Estimated Price - £' . number_format($quote->price,2) . '<br/>';
if(mail(emailhere', 'Quote for Granite Worktop', $msg, $headers)){
echo 'Success, We have received your enquiry!';
};
}else{
echo '<p>Sorry, you had errors in your form submission, please go back and try again.</p>';
foreach($error as $key=>$value){
echo $value . '<br/>';
}
echo '<p><A HREF="javascript:history.go(-1)">Click Here</A> To Go Back</p>';
}
}
?>