UCP 0.1 -
Gigi-The-Beast - 23.04.2011
Hey guys
Last night I started making a UCP system for my server, so I wanted to discuss with you the possible security issues with the code. It consists of 3 files: index.php, connect.php and login.php.
Please don't mind the current layout because it is only a work in progress, I am just interested in the possible security issues.
index.php
Code:
<html>
<head><title>Balkan Underground UCP</title></head>
<body>
<form action="login.php" method="post">
<table align="center">
<tr>
<td align="center">
<b><font size="4" color="#000080">Balkan Underground UCP</font></b>
</td>
</tr>
<tr align="center">
<td>
<p><input type="text" name="User" size="20" /></p>
<p><input type="password" name="Password" size="20" /></p>
</td>
</tr>
<tr>
<td align="center">
<p><input type="submit" />
<input type="reset" /> </p>
</td>
</tr>
</table>
</form>
</body>
</html>
connect.php
Code:
<?php
$con = mysql_connect("localhost","testuser","*********");
mysql_select_db("testuser");
?>
login.php
Code:
<?php
include("connect.php");
session_start();
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// Returning visitor: credentials were stored in the session on the first login
if(isset($_SESSION["Username"]))
{
$user = $_SESSION["Username"];
$pass = $_SESSION["Password"];
}
else
{
$user = $_POST["User"];
$pass = $_POST["Password"];
$_SESSION['Username'] = $user;
$_SESSION['Password'] = $pass;
}
// Escape the username for the SQL string in both branches (originally only the
// POST branch did this, so $escuser was undefined for a session login)
$escuser = mysql_real_escape_string($user);
$query = "SELECT * FROM users WHERE pUsername = '$escuser'";
$result = mysql_query($query);
$username_exist = mysql_num_rows($result);
if($username_exist == 0)
{
echo 'That profile does not exist! <br />';
echo '<a href="index.php">Idi nazad</a>';
unset($_SESSION['Username']);
unset($_SESSION['Password']);
die;
}
$row = mysql_fetch_row($result);
// Compare the raw password: escaping is only for the SQL text, the stored value is not escaped
if($row[2] !== $pass)
{
echo 'Password is not valid! <br />';
echo '<a href="index.php">Idi nazad</a>';
unset($_SESSION['Username']);
unset($_SESSION['Password']);
die;
}
$message = "Welcome $escuser!<br />";
echo $message;
echo "<br />";
echo "
<table border = 1>
<tr>
<td>Level</td>
<td>$row[7]</td>
</tr>
<tr>
<td>Experience</td>
<td>$row[8]</td>
</tr>
<tr>
<td>Hours Played</td>
<td>$row[9]</td>
</tr>
<tr>
<td>Money</td>
<td>$$row[10]</td>
</tr>
<tr>
<td>Bank</td>
<td>$$row[11]</td>
</tr>
</table>";
?>
Live test:
URL
User: demo
Pass: demo
Re: UCP 0.1 -
[ADC]Aldi96 - 23.04.2011
What's this!?
Re: UCP 0.1 -
Sensitive - 23.04.2011
This is a UCP where people can see their stats
Re: UCP 0.1 -
Oliverraisk - 23.04.2011
It might have future. 1st of all do some graphics, then move on to admin cp, where admins can change users stats passwords, etc.
Edit: Haha lol, bu-rp.info, kinda funny
Re: UCP 0.1 -
Gigi-The-Beast - 23.04.2011
Quote:
Originally Posted by Oliverraisk
Edit: Haha lol, bu-rp.info, kinda funny
And why is that so?
Re: UCP 0.1 - XFlawless - 23.04.2011
PHP code:
function sanitizeString($var){
$var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
Use this for escaping forms.
PHP code:
function sanitizeSQL($var){
$var = mysql_real_escape_string($var);
$var = sanitizeString($var);
return $var;
}
Use this for escaping MySQL strings.
These functions are efficient and enhance security against SQL and XSS attacks.
If you want more security for passwords, use this technique:
PHP code:
$Salt1 = "#$@#%#$!@$@#1234223233";
$Salt2 = "#*$(#@$&AJDSU#341224334";
$Hash = md5("$Salt1$password$Salt2");
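An added example, not the thread author's or XFlawless's code, reworking the opening post's login.php the way a practitioner would instead of the escaping helpers and static-salt md5 above: the query is parameterised, the password is never kept in the session or compared in plaintext, and output is HTML-escaped. It assumes the same users table with pUsername plus a hashed-password column named pPassword, which is not in the original schema.

```php
<?php
// Added example, not the thread author's code: login.php on mysqli prepared
// statements and password_hash()/password_verify() (PHP >= 5.5).
// Assumed: the same `users` table with a `pUsername` column, plus a column
// `pPassword` (name assumed) that holds password_hash($plain, PASSWORD_DEFAULT)
// instead of the plaintext password.
session_start();

$con = new mysqli("localhost", "testuser", "*********", "testuser");
if ($con->connect_error) {
    die('Could not connect: ' . $con->connect_error);
}

if (!isset($_SESSION['Username'])) {
    $user = isset($_POST['User']) ? $_POST['User'] : '';
    $pass = isset($_POST['Password']) ? $_POST['Password'] : '';

    // The username is bound as a parameter, so it never becomes part of the
    // SQL text; no mysql_real_escape_string() or stripslashes() is needed.
    $stmt = $con->prepare("SELECT pPassword FROM users WHERE pUsername = ?");
    $stmt->bind_param("s", $user);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();

    // One message for both "no such user" and "wrong password", so the form
    // does not confirm which usernames exist. password_verify() reads the
    // per-user random salt that password_hash() embedded in $storedHash.
    if (!$found || !password_verify($pass, $storedHash)) {
        echo 'Invalid username or password. <br />';
        echo '<a href="index.php">Go back</a>';
        die;
    }

    // Only the username goes into the session, never the password, and the
    // session id is rotated so a pre-login id cannot be reused.
    session_regenerate_id(true);
    $_SESSION['Username'] = $user;
}

// Escape everything echoed back into HTML, including values read from the DB.
$safeUser = htmlspecialchars($_SESSION['Username'], ENT_QUOTES, 'UTF-8');
echo "Welcome $safeUser!<br />";
?>
```

Rows for the assumed pPassword column are created with password_hash($plain, PASSWORD_DEFAULT) at registration or when migrating the existing plaintext column.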
Re: UCP 0.1 -
Gigi-The-Beast - 23.04.2011
Thank you very much XFlawless, I expected your answer.
Re: UCP 0.1 -
TheArcher - 23.04.2011
Nice UCP but you should add some graphic on it
Re: UCP 0.1 -
Gigi-The-Beast - 23.04.2011
Yeah, I know, it's only 0.1.
Last night I started developing; when I add more stuff, I'll release it here.
Thank you for your comment.
Re: UCP 0.1 - XFlawless - 23.04.2011
No problem, check my post, I edited it.
Re: UCP 0.1 -
Gigi-The-Beast - 23.04.2011
Niiice, very clever.
Re: UCP 0.1 -
TheArcher - 23.04.2011
Yes, but people need to modify some things in the script, like pUsername, depending on what they have in their script.
Re: UCP 0.1 -
Gigi-The-Beast - 23.04.2011
This is not released yet to be used by the public; I've opened this topic to get useful info about better security than the one that has been implemented in the current script.
Re: UCP 0.1 -
royal_king - 23.04.2011
Can you please post all files by compressing them in a .rar or .zip and upload and share them? Or do you just want help coding it, which is why you created the topic?
Re: UCP 0.1 - XFlawless - 23.04.2011
Quote:
Originally Posted by royal_king
Can you please post all files by compressing them in a .rar or .zip and upload and share them? Or do you just want help coding it, which is why you created the topic?
If you can understand, he mentioned he wants to know the possible security issues.
Re: UCP 0.1 -
LoLaMan - 24.04.2011
Add the .db file.
Re: UCP 0.1 -
TheArcher - 24.04.2011
Read above, guys:
Quote:
Originally Posted by Gigi-The-Beast
This is not released yet to be used by the public; I've opened this topic to get useful info about better security than the one that has been implemented in the current script.
Re: UCP 0.1 -
CODMW5 Owner - 24.04.2011
Can you post another demo link?
Re: UCP 0.1 -
NicoBellic - 24.04.2011
Nice work, but why don't you use an MVC framework? It can simplify your life a lot.
Re: UCP 0.1 -
Gigi-The-Beast - 25.04.2011
Can you explain a bit more?