confirmation page

Posted: Tue Oct 30, 2007 5:11 am
by shivam0101
This is the code written for confirming members through email.

<?php
require_once('general/require_once.php');

$confirm_code=$_GET['cc'];

if(!empty($confirm_code))
{
    $query_check=mysql_query("SELECT * FROM members WHERE confirm_code='$confirm_code' AND confirm_flag='YES'");
    if(mysql_num_rows($query_check) == 1)
    {
        $fetch_det=mysql_fetch_array($query_check);
        $member_id=$fetch_det['member_id'];
        session_start();
        $_SESSION['member_id']=$member_id;
        header("Location: ".SITE_URL);
    }
    elseif(mysql_num_rows(mysql_query("SELECT * FROM members WHERE confirm_code='$confirm_code' AND confirm_flag !='YES'"))==1)
    {
        $date=GetDateTime();
        $query_update_confirm=mysql_query("UPDATE members SET confirm_flag='YES', confirmation_date='$date' WHERE confirm_code='$confirm_code'");

        if($query_update_confirm)
        {
            $query_det=mysql_query("SELECT * FROM members WHERE confirm_code='$confirm_code' AND confirm_flag='YES'");
            if(mysql_num_rows($query_det)==1)
            {
                $fetch_det=mysql_fetch_array($query_det);
                $member_id=$fetch_det['member_id'];
                session_start();
                $_SESSION['member_id']=$member_id;
                header("Location: ".SITE_URL);
            }
        }
    }
    else
        echo 'Invalid confirmation';
}
?>
If there are any improvements that have to be made in the above code, please let me know.

Thanks

Posted: Tue Oct 30, 2007 6:32 am
by Chris Corbyn
Read up on "SQL Injection Attacks" ;)

Posted: Tue Oct 30, 2007 7:55 am
by CoderGoblin
Redirections using header should always be followed by exit;. Even though the header is sent, the program continues until it finishes. If you ever have things outside the if structure they will be processed, which could lead to strange side effects.

You may want to look at mysql_real_escape_string which shows an SQL Injection.

Posted: Tue Oct 30, 2007 8:45 am
by shivam0101
If you ever have things outside the if structure they will be processed, which could lead to strange side effects.
Can you give more information?

Posted: Tue Oct 30, 2007 9:32 am
by CoderGoblin
A brief example (not bothering with too much correctness)

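<?php
session_start(); // needed before $_SESSION can be used

if (empty($_GET['insert'])) {
    $_SESSION['message']='We aren\'t doing anything';
    // The redirect header is sent, but there is no exit, so the script keeps running
    header("Location: http://www.mypage.com/page2.php");
}
usleep(5000000); // sleep for 5 seconds
$_SESSION['message']='Well you processed the form';
?>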
<!-- PLACE HTML HERE POSSIBLY -->
I would expect in a situation like this, you will wait for 5 seconds for the jump to page2.php and the $_SESSION value will be the second one even if you have a $_GET['insert'] value. That's bad enough but consider the dangers if you modify information in a database outside of the IF. Because this is an unexpected "side effect" it will be difficult to track down as it should not be getting to where you set the 2nd $_SESSION. Even if you don't set or change anything outside the IF, the program flow will go to the end wasting processing time.
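
The two fixes suggested in this thread, applied to the confirmation page, as an added example that is not any poster's code: the confirmation code is bound as a query parameter instead of being interpolated into the SQL, and the redirect is followed by exit. Table and column names follow the first post; the PDO in-memory SQLite database, the SITE_URL value, the sample row, the use of date() in place of GetDateTime() and the helper names are assumptions made so the example runs on its own.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// first post; the in-memory SQLite database, SITE_URL and sample row are constructed.
const SITE_URL = 'https://example.test/';

function confirm_member(PDO $db, $code): ?int
{
    // ?cc[]=x arrives as an array; treat anything but a non-empty string as invalid.
    if (!is_string($code) || $code === '') {
        return null;
    }
    // The code is bound as a parameter, so it can never change the SQL text.
    $upd = $db->prepare("UPDATE members SET confirm_flag='YES', confirmation_date=:now
                         WHERE confirm_code=:code AND confirm_flag<>'YES'");
    $upd->execute([':now' => date('Y-m-d H:i:s'), ':code' => $code]);

    $sel = $db->prepare("SELECT member_id FROM members
                         WHERE confirm_code=:code AND confirm_flag='YES'");
    $sel->execute([':code' => $code]);
    $ids = $sel->fetchAll(PDO::FETCH_COLUMN);
    return count($ids) === 1 ? (int) $ids[0] : null;
}

function redirect_and_stop(string $url): void
{
    header('Location: ' . $url);
    exit; // without this, everything below the call would still execute
}

$db = new PDO('sqlite::memory:'); // constructed stand-in for the real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (member_id INTEGER PRIMARY KEY, confirm_code TEXT,
           confirm_flag TEXT, confirmation_date TEXT)");
$db->exec("INSERT INTO members VALUES (7, 'constructed-sample-code', 'NO', NULL)");

$member_id = confirm_member($db, $_GET['cc'] ?? null);
if ($member_id === null) {
    echo 'Invalid confirmation';
    exit;
}
session_start();
$_SESSION['member_id'] = $member_id;
redirect_and_stop(SITE_URL);
```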