Want to make sure my Code is SECURE =)

Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.

psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Want to make sure my Code is SECURE =)

Post by psychotomus »

My code.

It uses the Smarty templating engine.

```php
<?php
session_start();
require "../config.php";            // expected to define $game_name and open the MySQL connection
require "../libs/Smarty.class.php";

$smarty = new Smarty;

// only game admins (rank 1) may use this page
if($_SESSION['rpg_' .$game_name . 'userrank'] != 1)
{
    die("You dont belong here");
}

// defaults so the template vars exist even when nothing was posted
$msg = '';
$crimegroups = array();
$crimegroupsel = null;

//if adding new char/enemy
if(isset($_POST['Submit']))
{
    //vars
    $name = strip_tags(mysql_real_escape_string($_POST['textName']));
    $brave = strip_tags(mysql_real_escape_string($_POST['textBrave']));
    $crimegroup = strip_tags(mysql_real_escape_string($_POST['selectCrimeGroups']));
    $formula = strip_tags(mysql_real_escape_string($_POST['textFormula']));
    $minmoney = strip_tags(mysql_real_escape_string($_POST['textMinMoney']));
    $maxmoney = strip_tags(mysql_real_escape_string($_POST['textMaxMoney']));
    $minexp = strip_tags(mysql_real_escape_string($_POST['textMinExp']));
    $maxexp = strip_tags(mysql_real_escape_string($_POST['textMaxExp']));
    // note: stripslashes() removes the escaping mysql_real_escape_string() just added
    // unless magic_quotes_gpc had already put a layer of slashes into $_POST
    $text = stripslashes(strip_tags(mysql_real_escape_string($_POST['textText'])));
    $failtext = stripslashes(strip_tags(mysql_real_escape_string($_POST['textFailedText'])));
    $suctext = stripslashes(strip_tags(mysql_real_escape_string($_POST['textSuccessText'])));

    // image info from the uploaded file (false if no file arrived or it is not an image)
    $imageinfo = false;
    if(isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name']))
    {
        $imageinfo = getimagesize($_FILES['file']['tmp_name']);
    }
    // extension taken from the client-supplied file name
    $file_typ = explode('.', strtolower(isset($_FILES['file']['name']) ? $_FILES['file']['name'] : ''));
    $file_type = $file_typ[count($file_typ)-1];

    // accept if the extension OR the detected mime type looks like an image
    if($file_type == "jpg" || $file_type == "png" || $file_type == "gif"
       || ($imageinfo !== false && ($imageinfo['mime'] == "image/gif" || $imageinfo['mime'] == "image/jpg"
                                    || $imageinfo['mime'] == "image/jpeg" || $imageinfo['mime'] == "image/png")))
    {

        //check if item name not in use
        $result = mysql_query("SELECT crimeID FROM crimes WHERE crimeNAME='$name' AND game='$game_name'") or die(mysql_error());
        if(mysql_num_rows($result) == 0)
        {
            //if successfully moved file
            if(move_uploaded_file($_FILES["file"]["tmp_name"], "../../gamedata/$game_name/crimes/$name.$file_type"))
            {
                mysql_query("INSERT INTO crimes (crimeNAME, crimeFTYPE, crimeBRAVE, crimePERCFORM, crimeMinMoney, crimeMaxMoney, crimeGROUP, crimeITEXT, crimeFTEXT, crimeSTEXT, crimeMinEXP, crimeMaxEXP, game) VALUES ('$name', '$file_type', '$brave', '$formula', '$minmoney', '$maxmoney', '$crimegroup', '$text', '$failtext', '$suctext', '$minexp', '$maxexp', '$game_name')") or die(mysql_error());
                $msg = "Crime successfully added...";
            }
            else
            {
                $msg = 'Failed to upload crime image...';
            }
        }
        else
        {
            $msg = "Name can not be same as another crime name...";
        }
    }
    else
    {
        $msg =  "Item Image must be jpg/gif/png image...";
    }
}

//crime groups query
$result = mysql_query("SELECT cgID, cgNAME FROM crimegroups WHERE game='$game_name' ORDER BY cgNAME ASC") or die(mysql_error());

//get all crime groups; the first one becomes the preselected option
while($group = mysql_fetch_object($result))
{
    if(empty($crimegroupsel))
    {
        $crimegroupsel = $group->cgID;
    }
    $crimegroups[$group->cgID] = $group->cgNAME;
}

$smarty->assign("CrimeGroups", $crimegroups);
$smarty->assign("CrimeGroupsSel", $crimegroupsel);

//set template var
$smarty->assign("MSG", $msg);

//parse templates
$smarty->display('crimeadd.tpl');

?>
```
 
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Want to make sure my Code is SECURE =)

Post by josh »

Don't trust the file extension.
psychotomus
Forum Contributor
Posts: 487
Joined: Fri Jul 11, 2003 1:59 am

Re: Want to make sure my Code is SECURE =)

Post by psychotomus »

What should I trust then?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Want to make sure my Code is SECURE =)

Post by josh »

Trust nothing. MIME type would at least be better than the file extension though. Hint: finfo functions.
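The finfo-based check josh hints at, as an added example that is not code from either poster: the upload is classified by its bytes, cross-checked with getimagesize, and stored under a server-chosen name instead of one built from form input. It assumes PHP 7 or later, `$game_name` from the posted script's config.php, and a hypothetical `$uploadDir` matching that script's directory layout.

```php
<?php
// Allowed MIME types and the extension the server assigns to each (the client's name is ignored).
const ALLOWED_IMAGE_TYPES = array(
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
);

/**
 * Returns the safe extension for an uploaded image, or null when the upload is
 * missing, failed, did not come in via this request, or is not an allowed image.
 */
function validateUploadedImage(array $file)
{
    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Sniff the MIME type from the file contents (magic bytes), not from $file['name'].
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    // Second opinion: the image decoder must parse it and agree on the type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$mime];
}

$uploadDir = "../../gamedata/$game_name/crimes";   // hypothetical; mirrors the posted script
$ext = validateUploadedImage(isset($_FILES['file']) ? $_FILES['file'] : array());
if ($ext === null) {
    $msg = 'Item image must be a jpg/gif/png image...';
} else {
    // Server-generated file name: the user-supplied crime name never becomes part of a path.
    $storedName = bin2hex(random_bytes(8)) . '.' . $ext;
    if (move_uploaded_file($_FILES['file']['tmp_name'], "$uploadDir/$storedName")) {
        $msg = "Crime image stored as $storedName";   // keep $storedName in the crime's DB row
    } else {
        $msg = 'Failed to upload crime image...';
    }
}
```

The DB row then records `$storedName` alongside the crime, so the template looks the image up by that value rather than by reconstructing a path from the name field.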