Ok,
I have a collection of PHP scripts that I execute once a form is submitted. I know for a fact that the form works and does what it’s supposed to, but for whatever reason, seems to only execute 50% of the time. Other times, the page will just lag in one place trying to load the page and scripts till finally it times out, no variable was returned, and the user is routed back to the form again stating that invalid input was specified even though there wasn’t.
What the scripts do is after the user hits submit, it encodes the input till it gets to the new page and once it’s at the new page, decodes, Escapes the String, Validates the input using the ESAPI Library and the previous security question module. Only if all checks will the form then send an email both to myself and to the user with appropriate information. The point at which the script stops is also a tad inconsistent making it hard to debug… but even though I’m also storing the needed variables in a session, the input still doesn’t go through.
Could this still be the way the form was scripted or does it have something to do with my host considering I know for a fact that these scripts do work?
Ok,
I have a collection of PHP scripts that I execute once a form is submitted. I know for a fact that the form works and does what it's supposed to, but for whatever reason, seems to only execute 50% of the time. Other times, the page will just lag in one place trying to load the page and scripts till finally it times out, no variable was returned, and the user is routed back to the form again stating that invalid input was specified even though there wasn't.
What the scripts do is after the user hits submit, it encodes the input till it gets to the new page and once it's at the new page, decodes, Escapes the String, Validates the input using the ESAPI Library and the previous security question module. Only if all checks will the form then send an email both to myself and to the user with appropriate information. The point at which the script stops is also a tad inconsistent making it hard to debug... but even though I'm also storing the needed variables in a session, the input still doesn't go through.
Could this still be the way the form was scripted or does it have something to do with my host considering I know for a fact that these scripts do work?[/QUOTE]
[CODE]
<?php
$first_name = $_POST["first_name"];
$last_name = $_POST["last_name"];
$email = $_POST["email"];
$telephone = $_POST["telephone"];
$contact_time = $_POST["contact_time"];
$detail = $_POST["detail"];
$service_type = $_POST["service_type"];
$req_id = $_POST["req_id"];
$date = time();
//-------SETUP----------------
session_start();
require ("noHack/mathAuth/ClassMathGuard.php");
require ("noHack/RSA/rsa.class.php");
require ("noHack/SecCC.php");
$userpiced = $_POST['numcheck'];//What picture did the user pick?
$fake_uno = $_POST['Likesite'];//The first box that shouldn't have data
$fake_dos = $_POST['YourAge'];//The second box that shouldn't have data
function fail_val() {
header("Location: servicereq.php?msg=invalid");
die();
}
$fromdomain = $_SERVER['HTTP_REFERER'];
$getdomain = parse_url($fromdomain);
$setdomain = strtolower($getdomain["host"]);//Where the request actually came from
$lookdomain = "keyjaycompound.com";//The domain the request needed to come from
$RSA = new RSA();
$keys = $RSA->generate_keys ($gate1, $gate2, 0);
if (isset($_SESSION['END_VALUE'])!=""){
$check_data = $RSA->decrypt ($_SESSION['END_VALUE'], $keys[2], $keys[0]); //Decrypt requested number
}
else
{
fail_val();
}
//-------------------------------
//--------VALIDATION-------------
if (MathGuard :: checkResult($_REQUEST['mathguard_answer'], $_REQUEST['mathguard_code'])&&
($userpiced == $check_data) && //Was the pic the user clicked correct?
($setdomain == $lookdomain) &&//Was the domain the request came from correct?
(isset($_SESSION['CLICK_SEND'])==1) &&//Did the user click the picMe?
($fake_uno == "")&&($fake_dos == "")//Did the user fill these fields?
)
{
unset($_SESSION['END_VALUE']);
unset($_SESSION['CLICK_SEND']);
//echo ("Great!"); //insert your code that will be executed when user enters the correct answer
} else {
fail_val();
}
//----Case Number Generator
//-------Connection Script------
require("tmp_includesfld/db_config_service.php");
$connection = mysql_connect($db_host,$db_user,$db_password) or die("Unable to Connect to Database!");
mysql_select_db ($db_name,$connection);
//-----------------------------
//--------------------INPUT VALIDATION--------
//---LEVEL 1 ESCAPE MOST
$first_name = mysql_real_escape_string(str_replace(" ", "", $first_name));
$last_name = mysql_real_escape_string(str_replace(" ", "", $last_name));
$email = mysql_real_escape_string(str_replace(" ", "", $email));
//---LEVEL 2 OWASP
require_once dirname(__FILE__) . '/noHack/ESAPI/src/ESAPI.php';
$ESAPI = new ESAPI(dirname(__FILE__) . "/noHack/ESAPI/config/ESAPI.xml");
require_once dirname(__FILE__) .'/noHack/SecCC.php';//My Security Control Classes
global $ESAPI;
$validator = ESAPI::getValidator();
if ((($validator->isValidInput("First Name",$first_name, "AccountName", 25, false)) &&
($validator->isValidInput("Last Name",$last_name, "AccountName", 25, true)) &&
($validator->isValidInput("Phone Number",$telephone, "Phone", 25, true)) &&
($validator->isValidInput("Email Address",$email, "Email", 50, false)))) {
//Input Was Correct
}
else{
$error2 = "msg=invalid2&fn=".$first_name."&ln=".$last_name."&em=".$email."&tl=".$telephone;
header("Location: servicereq.php?".$error2);
exit();
}
//----------
$clean_contact = new cleantoHTML; //New Object using my class using ESAPI to Canonolize and Encode to HTML
$clean_detail = clone $clean_contact; //Clone of the object above for Detail
//----------
//CONTACT TIME -----------
$contact_time = $clean_contact->getcano($contact_time,0);
//JOB DETAILS -----------
$detail = $clean_detail->getcano($detail,0);
//-------------------------
//--------------------------------------------
$locate = "Location: Service_RequestSent.php?nm1=".$first_name."&nm2=".$last_name."&em=".$email."&rqi=".$req_id;
if ($service_type == 1){
$query = "INSERT INTO music (musicr_ID,first_name,last_name,email,phone,contact_time,service_details,case_ID,req_status) VALUE (NULL,'$first_name','$last_name','$email','$telephone','$contact_time','$detail','$req_id','1')";
$result = mysql_query($query,$connection) or die(mysql_error());
$str_service = "Music";
}
if ($service_type == 2){
$query = "INSERT INTO voice (voicer_ID,first_name,last_name,email,phone,contact_time,service_details,case_ID,req_status) VALUE (NULL,'$first_name','$last_name','$email','$telephone','$contact_time','$detail','$req_id','1')";
$result = mysql_query($query,$connection) or die(mysql_error());
$str_service = "Voice Acting";
}
if ($service_type == 3){
$query = "INSERT INTO web (web_ID,first_name,last_name,email,phone,contact_time,service_details,case_ID,req_status) VALUE (NULL,'$first_name','$last_name','$email','$telephone','$contact_time','$detail','$req_id','1')";
$result = mysql_query($query,$connection) or die(mysql_error());
$str_service = "Website";
}
//-----------
// EMAIL SECTION
//-----------
//----Email Modirator Notifyer-----
function send_email($from, $to, $subject, $message){
$headers = "From: ".$from."rn";
$headers .= "Reply-To: ".$from."rn";
$headers .= "Return-Path: ".$from."rn";
$headers .= "Content-type: text/htmlrn";
if (mail($to,$subject,$message,$headers) ) {
} else {
echo "n email couldn't be sent";
exit();
}
}
//-----------------------------------------
//----Email Client Notifyer-----
function send_email2($from2, $to2, $subject2, $message2){
$headers2 = "From: ".$from2."rn";
$headers2 .= "Reply-To: ".$from2."rn";
$headers2 .= "Return-Path: ".$from2."rn";
$headers2 .= "Content-type: text/htmlrn";
if (mail($to2,$subject2,$message2,$headers2) ) {
} else {
echo "n email couldn't be sent";
exit();
}
}
//-----------------------------------------
//----Modirator Message-----
$subject = "NEW ".$str_service." SERVICE REQUEST!";
$message .= "<html><body>";
$message .= "You have a new service request!<br>";
$message .= "Name: ".$first_name." ".$last_name."<br>";
$message .= "Email: ".$email."<br>";
$message .= "Phone: ".$phone."<br>";
$message .= "Appropriate contact time: ".$contact_time."<br>";
$message .= "Details:<br> ".$detail."<br>";
$message .= "Request ID: ".$req_id;
$message .="<br/>";
$message .="<br/>";
$message .="To modify data, <a href="http://keyjaycompound.com/admin_j.php">Head to KJC Administrative Console. </a> ";
$message .= "</body></html>";
//-----------------------------------------
//----Client Message-----
$subject2 = "Your service request has been filed!";
$message2 .= "<html><body>";
$message2 .= "To ".$first_name." ".$last_name.":<br>";
$message2 .= "Thank you for contacting me in regards to my ".$str_service." services.<br>";
$message2 .= "Your request is very important to me and I will notify you at my <br>";
$message2 .= "earliest convenience. <br/>";
$message2 .= "<br/>";
$message2 .= "<b>So what happens now?:</b>";
$message2 .= "<br/>";
$message2 .= "Please read this information carefully! This email entails full details about how my services work. ";
$message2 .= "<br/>";
$message2 .= "After your service request has been reviewed and preapproved, A personal email will be sent to ";
$message2 .= "clearly identify your request(s). Once a final agreement has been reached, your service number ";
$message2 .= "will be activated and any further information or resource requests will be sent to your email via form or business email.";
$message2 .= " Once your Service ID Number is activated, you will be able to log into the <a href="http://keyjaycompound.com/myservicerequest.php">My Service Request Console. </a>";
$message2 .= " The console will have full details in regards to the present status of the project, additional info provided by the customer, payments received, ";
$message2 .= "and more! Through this console and email, you will know everything there is to know regarding the progress of your project.";
$message2 .= "<br/>";
$message2 .= "<br/>";
$message2 .= "After your project is complete, any information in regards to your project will be held on the server for 45 days. If you do not download";
$message2 .= " your information within that time, your data will be deleted with NO chance of recovery.";
$message2 .= "<br/>";
$message2 .= "Below is your service request account information. Please keep this information in a safe place:";
$message2 .= "<br/>";
$message2 .= "<br/>";
$message2 .= "<center>";
$message2 .= "USERNAME: $email";
$message2 .= "<br/>";
$message2 .= "SERVICE ID: $req_id";
$message2 .= "<br/>";
$message2 .= "<br/>";
$message2 .= "If you have any inquires or are having trouble, please email directly to:<br/> [email protected].";
$message2 .= "<br>";
$message2 .= "<br>";
$message2 .= "<br>";
$message2 .= "<br>";
$message2 .= "Thank you for doing business!<br>";
$message2 .= "Jamaal "Key Jay" Ephriam";
$message2 .= "</body></html>";
//---------------------------------------
send_email2("KJC Website", $email,
$subject2 ,
$message2);//Send Client Message
send_email("KJC Website", "[email protected]",
$subject ,
$message);//Send Admin Message
header($locate);
//-------------------------------
mysql_close();
?>
[/CODE]
[CODE]
<?php
//Encryptor Keys
$rsak1 = [removed];//PUBLIC
$rsak2 = [removed];//PRIVATE
$gate1 = [removed];
$gate2 = [removed];
//-------------
$tryban = 3;//Tries till Ban
//GET USER IP
function getIP(){
$ip = FALSE;
if( !empty( $_SERVER["HTTP_CLIENT_IP"] ) )
$ip = $_SERVER["HTTP_CLIENT_IP"];
if( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ){
// Put the IP's into an array which we shall work with shortly.
$ips = explode( ", ", $_SERVER['HTTP_X_FORWARDED_FOR'] );
if( $ip ){
array_unshift( $ips, $ip );
$ip = false;
}
for( $i = 0; $i < count($ips); $i++ ){
if (!eregi ("^(10|172.16|192.168).", $ips[$i])) {
$ip = $ips[$i];
break;
}
}
}
return ($ip ? $ip : $_SERVER['REMOTE_ADDR']);
}
//-----------
//GET HIT URL
function selfURL(){
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
//-----------
//--------------
function ipHistoryCheck() {
$userIP = getIP();
//-------Connection Script------
require("./tmp_includesfld/db_config_user.php");
$connection = mysql_connect($db_host,$db_user,$db_password) or die("Unable to Connect to Database!");
mysql_select_db ($db_name,$connection);
//-----------------------------
$query = "SELECT * FROM banlist WHERE user_IP='$userIP'";
$result = mysql_query($query,$connection);
$row = mysql_fetch_array($result);
$fcheck = $row['ban_level'];
if ($fcheck > $tryban) {//THIS MAY NEED TO CHANGE!
header("Location: banned.php");
}
}
function intrusionGaurd (){//Validates user fault count of bad input.
session_start();
if (isset($_SESSION['VME']) == ""){
$_SESSION['VME'] = 0;
$_SESSION['SRE'] = 0;
};
//SET DATA
$userIP = getIP();
$hitURL = selfURL();
$_SESSION['VME']++;
$_SESSION['SRE'] = ($_SESSION['VME'] + 1 * 2);
$vme = $_SESSION['VME'];
//-------Connection Script------
require("./tmp_includesfld/db_config_user.php");
$connection = mysql_connect($db_host,$db_user,$db_password) or die("Unable to Connect to Database!");
mysql_select_db ($db_name,$connection);
//-----------------------------
$query = "SELECT * FROM banlist WHERE user_IP='$userIP'";
$result = mysql_query($query,$connection);
if (mysql_num_rows($result) == "") {//Basically, if an element doesn't exist
$query = "INSERT INTO banlist (user_IP,fault_cnt,page_hit,sort_num) VALUE ('$userIP','$vme','$hitURL',NULL)";
$result = mysql_query($query,$connection);
}
else {//The element does exist so we must first append to what we just got.
$row = mysql_fetch_array($result);
$fault_count = $row['fault_cnt'];
if ($vme < $fault_count){
$_SESSION['VME'] = $fault_count + 1;
$vme = $fault_count + 1;
}
$st_check = ($vme - $fault_count);//Session Tampered Check (However, only will check if VME becomes too greater).
if ($st_check != 1)//If for whatever reason, the session variable is not one less the variable value in database, BAN HIM AT MAX!
{
$query = "UPDATE banlist SET fault_cnt = 5, page_hit = '$hitURL', ban_level = 4 WHERE user_IP = '$userIP' ";
$result = mysql_query($query,$connection);
}
if ($vme > $tryban) {//If user has reached his limit, BAN HIM at MAXIMUM LEVEL
$query = "UPDATE banlist SET fault_cnt = '$vme', page_hit = '$hitURL', ban_level = 4 WHERE user_IP = '$userIP' ";
$result = mysql_query($query,$connection);
}
else {
$query = "UPDATE banlist SET fault_cnt = '$vme', page_hit = '$hitURL' WHERE user_IP = '$userIP' ";
$result = mysql_query($query,$connection);
}
}
}
//GET SESSION INFO
function getSessionInfo($usChallenge)//ADMIN ONLY!!!
{
//VALIDATE ADMIN SESSION
$hostID = "admin_j";
$hostID2 = "admin_j.php";
//---------------------
//HostID is used to identify the string we're looking for in the URL
$pre_URL = strtolower($_SERVER['HTTP_REFERER']);
if (isset($_SESSION['USR_LOGIN'])) {
//Compare String Function
function InStr($haystack, $needle)
{
$pos=strpos($haystack, $needle);
if ($pos !== false)
{
return $pos;
}
else
{
return -1;
}
}
//---------------------
$cfadmin_one = InStr($pre_URL,$hostID2);
$cfother= InStr($pre_URL,$hostID);
if (($cfadmin_one != -1)||($cfother == -1)) {//Checks if que attack is comming from front door or from outside page
//-------Connection Script------
require("./tmp_includesfld/db_config_user.php");
$connection = mysql_connect($db_host,$db_user,$db_password) or die("Unable to Connect to Database!");
mysql_select_db ($db_name,$connection);
//-----------------------------
$query = "SELECT * FROM user WHERE userName='$usChallenge'";
$result = mysql_query($query,$connection);
if (mysql_num_rows($result) == "") {//Basically, if an element doesn't exist
//User tried to fake his session by using a session name he implimented himself from another page or through a query at the
//front door.
$userIP = getIP();
$hitURL = selfURL();
$query = "INSERT INTO banlist (user_IP,fault_cnt,page_hit,sort_num,ban_level) VALUE ('$userIP',10,'$hitURL',NULL,4)";
$result = mysql_query($query,$connection);
header("Location: banned.php");
}
}
}
}
//-----------------
class cleantoHTML {
//NOTE: Make sure you have created an ESAPI object first before using
// and that you have also attached the configuration file!
//---------------
function InStr($haystack, $needle)
{
$pos=strpos($haystack, $needle);
if ($pos !== false)
{
return $pos;
}
else
{
return -1;
}
}
public function error_handeler($err_num){
if ($err_num == 0) {
intrusionGaurd ();
header("Location: servicereq.php?msg=invalid3");
exit();
}
if ($err_num == 1) {
header("Location: myservicerequest.php?msg=invalid2");
exit();
}
}
//Canonalise and Encode to HTML
public function getcano($to_val,$err) {
$encoder = ESAPI::getEncoder();
if ($to_val == "" && $err == 0) {// Dont penalize them for a blank field.
header("Location: servicereq.php?msg=invalid2");
exit();
}
$to_val_string = strtolower($to_val);
$posg = $this->InStr($to_val_string, "<script>");//Beware this string!
//----------------
try{
if (!($encoder->canonicalize($to_val_string,true)) || ($posg != -1) )
{
throw new Exception('Input is Invalid');
}
else
{
$clean_text = $encoder->canonicalize($to_val);
return $encoder->encodeForHTML($clean_text);
}
}
catch (Exception $e)
{
//echo 'Exception Caught: ' .$e->getMessage();
$this->error_handeler($err); //The user tried something
}
}
//---------------------------------------------------------
}
class maskedHTTPstringsURL {
public function doMask ($prefix_location, $form_location, $form_queries) {
$dirty_qur = $form_queries;
$clean_qur = urlencode($dirty_qur);
$clean_qur = rawurlencode($clean_qur);
$clean_qur = base64_encode($clean_qur);
return $prefix_location.$form_location.$clean_qur;
}
public function unMaskQueries () {
$self = $_SERVER["PHP_SELF"];
$query_string = $_SERVER['QUERY_STRING'];
$DECODE = base64_decode($query_string);
$DECODE = rawurldecode($DECODE);
$DECODE = urldecode($DECODE);
return $self . "?" . $DECODE;
}
// Originally written by xellisx
public function parse_query($var)
{
/**
* Use this function to parse out the query array element from
* the output of parse_url().
*/
$var = parse_url($var, PHP_URL_QUERY);
$var = html_entity_decode($var);
$var = explode('&', $var);
$arr = array();
foreach($var as $val)
{
$x = explode('=', $val);
$arr[$x[0]] = $x[1];
}
unset($val, $x, $var);
return $arr;
}
}
?>
[/CODE]
0.1.9 — BETA 5.24