
Want to make sure my Code is SECURE =)

Posted: Sat Dec 26, 2009 3:36 pm
by psychotomus
My code.

It uses the Smarty templating engine.


 
<?php
session_start();
require "../config.php";
require "../libs/Smarty.class.php";
 
$smarty = new Smarty;

//defaults so the template vars exist even when no form was posted / no groups exist
$msg = '';
$crimegroups = array();
$crimegroupsel = null;
 
if($_SESSION['rpg_' .$game_name . 'userrank'] != 1)
{
    die("You dont belong here");
}
 
//if adding new char/enemy
if(isset($_POST['Submit']))
{   
    //vars
    $name = strip_tags(mysql_real_escape_string($_POST['textName']));
    $brave = strip_tags(mysql_real_escape_string($_POST['textBrave']));
    $crimegroup = strip_tags(mysql_real_escape_string($_POST['selectCrimeGroups']));
    $formula = strip_tags(mysql_real_escape_string($_POST['textFormula']));
    $minmoney = strip_tags(mysql_real_escape_string($_POST['textMinMoney']));
    $maxmoney = strip_tags(mysql_real_escape_string($_POST['textMaxMoney']));
    $minexp = strip_tags(mysql_real_escape_string($_POST['textMinExp']));
    $maxexp = strip_tags(mysql_real_escape_string($_POST['textMaxExp']));
    $text = stripslashes(strip_tags(mysql_real_escape_string($_POST['textText'])));
    $failtext = stripslashes(strip_tags(mysql_real_escape_string($_POST['textFailedText'])));
    $suctext = stripslashes(strip_tags(mysql_real_escape_string($_POST['textSuccessText'])));
    $imageinfo = getimagesize($_FILES['file']['tmp_name']);
    $file_typ = array();
    $file_typ =  explode('.',strtolower($_FILES["file"]["name"]));
    $file_type = $file_typ[count($file_typ)-1];
    
    //note: with PHP precedence, && binds before ||, so a matching extension alone
    //passes this check regardless of what getimagesize() found
    if($file_type == "jpg" || $file_type == "png" || $file_type == "gif"
        || $imageinfo['mime'] == "image/gif" || $imageinfo['mime'] == "image/jpg"
        || $imageinfo['mime'] == "image/jpeg"
        || ($imageinfo['mime'] == "image/png" && isset($imageinfo)))
    {
 
        //check if item name not in use
        $result = mysql_query("SELECT crimeID FROM crimes WHERE crimeNAME='$name' AND game='$game_name'") or die(mysql_error());
        if(mysql_num_rows($result) == 0)
        {
            //if successfully moved file
            if(move_uploaded_file($_FILES["file"]["tmp_name"], "../../gamedata/$game_name/crimes/$name.$file_type"))
            {
                mysql_query("INSERT INTO crimes (crimeNAME, crimeFTYPE, crimeBRAVE, crimePERCFORM, crimeMinMoney, crimeMaxMoney, crimeGROUP, crimeITEXT, crimeFTEXT, crimeSTEXT, crimeMinEXP, crimeMaxEXP, game) VALUES ('$name', '$file_type', '$brave', '$formula', '$minmoney', '$maxmoney', '$crimegroup', '$text', '$failtext', '$suctext', '$minexp', '$maxexp', '$game_name')") or die(mysql_error());
                $msg = "Crime successfully added...";
            }
            else
            {
                $msg = 'Failed to upload crime image...';
            }
        }
        else
        {
            $msg = "Name can not be same as another crime name...";
        }
    }
    else
    {
        $msg =  "Item Image must be jpg/gif/png image...";
    }
}
 
//crime groups query
$result = mysql_query("SELECT cgID, cgNAME FROM crimegroups WHERE game='$game_name' ORDER BY cgNAME ASC") or die(mysql_error()); 
 
//get all crime groups 
while($group = mysql_fetch_object($result)) 
{ 
 
    if(empty($crimegroupsel))
    {
        $crimegroupsel = $group->cgID;
    }
    $crimegroups[$group->cgID] = $group->cgNAME; 
} 
 
$smarty->assign("CrimeGroups", $crimegroups); 
$smarty->assign("CrimeGroupsSel", $crimegroupsel); 
 
 
//set template var
$smarty->assign("MSG", $msg);
 
//parse templates
$smarty->display('crimeadd.tpl');
 
?>
 

Re: Want to make sure my Code is SECURE =)

Posted: Sun Dec 27, 2009 12:19 pm
by josh
Don't trust the file extension

Re: Want to make sure my Code is SECURE =)

Posted: Sun Dec 27, 2009 6:43 pm
by psychotomus
What should I trust then?

Re: Want to make sure my Code is SECURE =)

Posted: Sun Dec 27, 2009 9:47 pm
by josh
Trust nothing. Mime type would at least be better than file extension though. Hint: finfo functions.
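As an added example (not psychotomus's code, and not a reply in the thread), this is what the upload check looks like when the type is taken from the file's content with the finfo functions josh hints at, rather than from the extension of the client-supplied name. It assumes PHP 7.1 or later with the fileinfo extension, and reuses $_FILES['file'] and $game_name from the posted script.

```php
<?php
// Added example, not psychotomus's code: type the upload by its content with
// finfo (josh's hint) instead of the client-supplied name. Assumes PHP >= 7.1
// with the fileinfo extension; $_FILES['file'] and $game_name as in the post.

// MIME types we accept, mapped to the extension the file will be stored under.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Returns the extension to store the upload under, or null to reject it.
// $_FILES['file']['name'] is never consulted.
function detect_image_extension(array $file): ?string
{
    // Reject failed/partial uploads and paths not produced by the upload itself.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // Content-based detection (magic bytes), independent of the extension.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }

    // Second opinion: the image decoder must parse it and agree on the type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$mime];
}

// Handler: the stored name is generated server-side, so neither the path nor
// the extension comes from the request. The crimes row would keep this name.
$ext = detect_image_extension($_FILES['file'] ?? []);
if ($ext === null) {
    $msg = 'Item Image must be jpg/gif/png image...';
} else {
    $stored = bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($_FILES['file']['tmp_name'], "../../gamedata/$game_name/crimes/$stored")) {
        $msg = 'Failed to upload crime image...';
    }
}
```

The same principle applies to the SQL in the post: the values interpolated into the INSERT and SELECT strings should go through prepared statements rather than mysql_real_escape_string plus strip_tags.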