new from php need help and critics

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

glendon
Forum Newbie
Posts: 5
Joined: Wed Nov 06, 2013 7:35 am

new from php need help and critics

Post by glendon »

Hello everyone, I'm new to PHP. I'm a 3rd-year college student and I want you guys to see my project. It is a dental clinic site; please suggest anything or maybe help me out on improving the site. In the site you can register and log in, and it has an admin with username:admin password:admin. Please see my output here and please help me out on security and improving this. You can add me on Facebook: sumasalad5@yahoo.com hehehe. I'm just so desperate to finish this project and I want it to be the best dental clinic site! :) :D
Attachments
dentalfinalnajud.zip
Please see my project. The database is included in the zip file and the database name is dentaldb; just import dentaldb.sql.
(270.1 KiB) Downloaded 733 times
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: new from php need help and critics

Post by Christopher »

I don't know what is in the ZIP file. I doubt people will download it. You will only get help if you post specific parts of your code and ask questions about that code.
(#10850)
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: new from php need help and critics

Post by Celauran »

Agreed. Not touching a random zip file. Why not post it on GitHub?
vipinsaini
Forum Newbie
Posts: 5
Joined: Thu Nov 07, 2013 5:33 am

Re: new from php need help and critics

Post by vipinsaini »

glendon wrote: Hello everyone, I'm new to PHP. I'm a 3rd-year college student and I want you guys to see my project. It is a dental clinic site; please suggest anything or maybe help me out on improving the site. In the site you can register and log in, and it has an admin with username:admin password:admin. Please see my output here and please help me out on security and improving this. You can add me on Facebook: sumasalad5@yahoo.com hehehe. I'm just so desperate to finish this project and I want it to be the best dental clinic site! :) :D
What kind of help do you need for your project? Let me know.
glendon
Forum Newbie
Posts: 5
Joined: Wed Nov 06, 2013 7:35 am

Re: new from php need help and critics

Post by glendon »

Well, I am a dreamer and I'm dreaming of putting up or hosting this site someday! :) Well, I just want to know what's the best way to secure it from hackers, or the security of my output. My output, or the program I attached, is a dental clinic. I just posted it here simply because maybe someone that's very good at programming can see it, and I don't know what's the best way or the proper way or process to do online payments, and maybe I could get some advice and help. As for now, I still have to go to my professor for him to check it, and there's no problem in the program yet! :) I'm new in this forum and I'm very happy reading your replies. I'm 18 and having fun programming this even if it takes all my time, but I just love it so much when I'm doing my dream. :D
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: new from php need help and critics

Post by Christopher »

Please post specific parts of your code that you have questions or concerns about. For example, a form where you accept user input would be important code to have reviewed for security problems.
(#10850)
glendon
Forum Newbie
Posts: 5
Joined: Wed Nov 06, 2013 7:35 am

Re: new from php need help and critics

Post by glendon »

In my program, when the user clicks the product, it will show the description and price of the product. Then, in the payment process, I only made it an order form, since my program or output is a reservation system for a dental clinic. Here is my code:

Code:

<?php
session_start();
include("dbconnect.php");
include("header.php");

// Currently logged-in user and the product id posted from the product page.
// Cast both to int so they cannot change the meaning of the SQL below.
$user_id = (int) $_SESSION['user_id'];
$prid    = (int) $_POST['prid'];

// mysql_error is a function and must be called with parentheses.
$result = mysql_query("SELECT * FROM patient_tbl WHERE user_id='$user_id'") or die(mysql_error());
$row    = mysql_fetch_array($result);

// Escape every value echoed into the page so posted text cannot inject HTML.
function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

// $curency was never defined in the original; default it to an empty string.
$currency = isset($currency) ? $currency : '';
?>

<table>
<form action="sendorder.php" method="post" name="form1" onSubmit="return validateForm()">
<input type="hidden" name="prid" value="<?php echo $prid; ?>">
<input type="hidden" name="quantity" value="1">
<tr><td><b>Product name:</b></td><td><input readonly type="text" name="prodname" value="<?php echo h($_POST['prodname']); ?>"></td></tr>
<tr><td><b>Price:</b></td><td><input readonly type="text" name="price" value="<?php echo h($_POST['price'] . $currency); ?>"></td></tr>
<tr><td><b>Limit:</b></td><td><input readonly type="text" name="stock" value="<?php echo h($_POST['stock']); ?>"></td></tr>
<tr><td>Patient firstname:</td><td><input type="text" name="fname" value="<?php echo h($row["fname"]); ?>"></td></tr>
<tr><td>Patient lastname:</td><td><input type="text" name="lname" value="<?php echo h($row["lname"]); ?>"></td></tr>
<tr><td>email:</td><td><input readonly type="text" name="email" value="<?php echo h($row["email"]); ?>"></td></tr>
<tr><td>Phone:</td><td><input readonly type="text" name="phone" value="<?php echo h($row["contact"]); ?>"></td></tr>
<tr><td>Address:</td><td><input readonly type="text" name="country" value="<?php echo h($row["address"]); ?>"></td></tr>
<!-- the card-type select had no name attribute, so its value was never submitted -->
<tr><td>Credit card:</td><td><select name="cardtype"><option>Visa<option>MasterCard</select> <input type="text" name="credit"></td></tr>
<tr><td>Date of Appointment:</td><td>
<select name="datemonth"><option>(MM)<?php for ($m = 1; $m <= 12; $m++) echo "<option>$m"; ?></select>
<select name="dateday"><option>(DD)<?php for ($d = 1; $d <= 31; $d++) echo "<option>$d"; ?></select>
<select name="dateyear"><option>(YY)<option>2013</select>
</td></tr>
<tr><td>Time:</td><td><select name="time"><option>(time)<option>8:00am<option>9:00am<option>10:00am<option>11:00am<option>1:00pm<option>2:00pm<option>3:00pm</select></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="avail/purchase"></td></tr>
<tr align="center"><td colspan="2"><span id="invalid1"></span></td></tr>
</form>
</table>

<?php include("footerr.php"); ?>
This will get the currently logged-in user's info. Is it alright that the user just inputs his credit card number? Or should I include the credit card info in the registration? How? I really don't know what's the best thing to do in the payment process. Please help me. Should I add a cart? And please help me also with security and with improving my program.
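As an added example (not glendon's code and not part of the attached project), here is what a hardened sendorder.php, the script the form above posts to, could look like. It assumes a PDO connection in $pdo and the table/column names product_tbl(prid, prodname, price, stock) and appointment_tbl; those names, the csrf field, and the payment reference are assumptions, not taken from the zip. It shows the three things a reviewer would ask for first: validate every posted field on the server, look the price up by product id instead of trusting the price the browser sent back, and never store the card number yourself.

```php
<?php
// Added example, not the project's own code. Assumes $pdo (PDO), product_tbl,
// appointment_tbl and a csrf hidden field in the order form (all assumptions).
session_start();
require "dbconnect.php"; // assumed to create $pdo = new PDO(...)

if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Please log in first.');
}

// CSRF check: when the order form is rendered, store a token in the session
// ($_SESSION['csrf'] = bin2hex(openssl_random_pseudo_bytes(16))) and emit it
// as <input type="hidden" name="csrf" value="...">. Compare in constant time.
if (!isset($_POST['csrf'], $_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $_POST['csrf'])) {
    http_response_code(400);
    exit('Invalid request token.');
}

// Validate server-side; the JavaScript validateForm() can be switched off by the client.
$prid  = filter_input(INPUT_POST, 'prid',      FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$month = filter_input(INPUT_POST, 'datemonth', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 12]]);
$day   = filter_input(INPUT_POST, 'dateday',   FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 31]]);
$year  = filter_input(INPUT_POST, 'dateyear',  FILTER_VALIDATE_INT, ['options' => ['min_range' => 2013, 'max_range' => 2100]]);
$allowedTimes = ['8:00am', '9:00am', '10:00am', '11:00am', '1:00pm', '2:00pm', '3:00pm'];
$time = isset($_POST['time']) ? $_POST['time'] : '';

if (!is_int($prid) || !is_int($month) || !is_int($day) || !is_int($year)
    || !checkdate($month, $day, $year) || !in_array($time, $allowedTimes, true)) {
    http_response_code(400);
    exit('Invalid appointment details.');
}
$apptDate = sprintf('%04d-%02d-%02d', $year, $month, $day);

// Never trust $_POST['price'] or $_POST['stock']: a readonly input is only
// readonly in the browser. Look the product up by id with a prepared statement.
$stmt = $pdo->prepare('SELECT prodname, price, stock FROM product_tbl WHERE prid = ?');
$stmt->execute([$prid]);
$product = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$product || (int) $product['stock'] < 1) {
    http_response_code(404);
    exit('Product unavailable.');
}

// Card numbers are not collected or stored here. Payment is delegated to a
// payment provider, which hands back an opaque reference; the provider call is
// a placeholder because the project has not chosen one yet.
$paymentRef = 'PAYMENT-REF-PLACEHOLDER';

$stmt = $pdo->prepare(
    'INSERT INTO appointment_tbl (user_id, prid, price, appt_date, appt_time, payment_ref)
     VALUES (?, ?, ?, ?, ?, ?)'
);
$stmt->execute([
    (int) $_SESSION['user_id'],
    $prid,
    $product['price'],   // the server-side price, not the posted one
    $apptDate,
    $time,
    $paymentRef,
]);

// Escape on output even for values that came from the database.
echo 'Reserved ', htmlspecialchars($product['prodname'], ENT_QUOTES, 'UTF-8'),
     ' on ', $apptDate, ' at ', htmlspecialchars($time, ENT_QUOTES, 'UTF-8');
```

The answer to the credit card question follows from the last part: whether the number is typed on the order form or at registration, the site should not be the thing that holds it. Collect it on the payment provider's side and keep only the reference they return, so a SQL injection or a leaked database dump in dentaldb never exposes card data.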