#1 Rexony (SitePoint Member, Roumania, joined Nov 2012, 14 posts)

    PHP Voting problem - Block websites

    Greetings everyone,

    I have a voting system that requires you to input a username to vote and choose one of 4 websites.

    The problem I have is that on voting I give points to members, and there are people that found a way to "hack" it, if I can say so, and put foreign websites that I don't have on my voting system, and they get points for voting on something I don't have.
    Here is where I got lost. I don't know how to fix it! I heard that I need to do something in config.php and don't know what!

    Here is an example of my config.php file:
    PHP Code:
    <?php
    // Points added for voting
    $Point = 100;
    // Voting site links (the server-side list of allowed sites; siteID 1..4 indexes into it)
    $votesite = array(
        "http://example-votingsite1.com",
        "http://example-votingsite2.com",
        "http://example-otingsite3.com",
        "http://example-votingsite4.com");
    // Time between voting, in minutes
    $time_needed = "720";
    // MSSQL connection information
    $mssql = array(
        'host' => "host",
        'user' => "user",
        'pass' => "pass"
    );
    ?>
    Those are the websites I want people to vote on. But as I said, I don't know how some manage to use websites other than the ones I have, and they get the points I offer on vote.

    Any help / pointers are welcome.

#2 Mittineague (Programming Team, West Springfield, Massachusetts, joined Jul 2005, 17,185 posts)
    You didn't show any code for the inputs, sanitization/validation, or database, but can't you add an in_array somewhere?
    If you're using a text input, would not radios/checkboxes/select be better for something you want to be limited to only those choices?

#3 Rexony (SitePoint Member, Roumania, joined Nov 2012, 14 posts)

    My inputs are radio type. Here are the other two code files:

    Votenow.php
    Code:
    <?php session_start(); ?>
    <html>
        <head>
            <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
            <title>Points for Voting</title>
            <style type="text/css">
                body
                {
                   margin: 0;
                }
            </style>
        </head>
        <body bgcolor="#202020" text="#FFD700">
            <?php
                // Show any error left in the session by vote.php, then clear it
                if(isset($_SESSION['error']))
                {
                    echo "<script type='text/javascript'>alert('".$_SESSION['error']."')</script>";
                    unset($_SESSION['error']);
                }
            ?>
            <div id="wb_Text1" align="left">
                <font style="font-size:11px" color="#ffffff" face="Arial">You can vote every 48 hours. 1 vote = 100 Points</font>
            </div>
            <img src="http://www.example.com" border="0" alt="My website" >
            <img src="http://www.example.com" border="0" alt="My website" >
            <img src="http://www.example.com" border="0" alt="My website" >
            <img src="http://www.example.com" border="0" alt="My website" >

            <div id="container">
                <div id="wb_Form1" align="left">
                    <form name="Form1" method="post" action="vote.php" id="Form1" target="_new">
                        <div id="wb_Text1" align="left">
                            <font style="font-size:11px" color="#FFD700" face="Arial">Account name:</font>
                        </div>
                        <input type="text" id="Editbox1"  name="UserID" value="">
                        <input type="submit" id="Button1" name="Button1" value="Vote">
                        <div id="wb_Text2" align="left">
                            <font style="font-size:11px" color="#FFD700" face="Arial">Vote Site:</font>
                        </div>
                        <!-- siteID is a 1-based index into $votesite in config.php -->
                        <input type="radio" name="siteID" value="1" checked> example<br>
                        <input type="radio" name="siteID" value="2"> example<br>
                        <input type="radio" name="siteID" value="3"> example<br>
                        <input type="radio" name="siteID" value="4"> example
                    </form>
                </div>
            </div>
        </body>
    </html>
    Vote.php
    Code:
    <?php
    // Report all PHP errors (see changelog)
    error_reporting(E_ALL);
    require_once("config.php");
    session_start();

    $conn = odbc_connect("Driver={SQL Server Native Client 11.0};Server=".$mssql['host'].";", $mssql['user'], $mssql['pass']) or die ('Could not connect to the database. Please make sure you entered the database login details correctly.');
    $ip = $_SERVER['REMOTE_ADDR'];
    $UserID = isset($_POST['UserID']) ? $_POST['UserID'] : '';
    $SiteID = isset($_POST['siteID']) ? intval($_POST['siteID']) : 1;
    $date = date("Y-m-d G:i");

    // Range check as posted (reply #4 below points out that with '&&' this condition can never be true)
    if($SiteID > count($votesite) && $SiteID <= 0)
    {
        $SiteID = 1; //They tried to make their own ID
    }

    if (empty($UserID))
    {
        $_SESSION['error'] = "You did not enter a account name! Please try again.";
        header("location:votenow.php");
    }
    else
    {
        // Does the account exist?
        $sql1 = odbc_prepare($conn, "SELECT * FROM PS_UserData.dbo.Users_Master WHERE UserID = ?");
        odbc_execute($sql1, array($UserID));
        $count1 = odbc_num_rows($sql1);

        if($count1 == 0)
        {
            $_SESSION['error'] = "Account not found. Please try again.";
            header("location:votenow.php");
        }
        else
        {
            // Has this account already voted on this site?
            $sql2 = odbc_prepare($conn, "SELECT * FROM PS_UserData.dbo.USER_VOTES WHERE UserID = ? AND SiteID = ?");
            odbc_execute($sql2, array($UserID, $SiteID));
            $count2 = odbc_num_rows($sql2);

            $voted_date = odbc_result($sql2, "date");
            $to_time = strtotime($voted_date);
            $from_time = strtotime($date);

            if($count2 > 0)
            {
                // Previous vote found: allow again only once $time_needed minutes have passed
                if (round(abs($to_time - $from_time) / 60,2) > $time_needed)
                {
                    $sql3 = odbc_prepare($conn, "DELETE FROM PS_UserData.dbo.USER_VOTES WHERE UserID = ? AND SiteID = ?");
                    odbc_execute($sql3, array($UserID, $SiteID));
                    $sql4 = odbc_prepare($conn, "INSERT INTO PS_UserData.dbo.USER_VOTES (UserID,ip,date,SiteID) VALUES (?,?,?,?) ");
                    odbc_execute($sql4, array($UserID, $ip, $date, $SiteID));
                    $sql5 = odbc_prepare($conn, "UPDATE PS_UserData.dbo.Users_Master SET Point = Point + ? WHERE UserID = ?");
                    odbc_execute($sql5, array($Point, $UserID));
                    header("location:".$votesite[$SiteID-1]);
                }
                else
                {
                    $_SESSION['error'] = "You have already voted on that site in the past 48 hours!";
                    header("location:votenow.php");
                }

            }
            else
            {
                // No vote from this account yet: also block repeat votes from the same IP
                $sql6 = odbc_prepare($conn, "SELECT * FROM PS_UserData.dbo.user_votes WHERE ip = ? AND SiteID = ?");
                odbc_execute($sql6, array($ip, $SiteID));
                $count3 = odbc_num_rows($sql6);

                if($count3 > 0)
                {
                    $_SESSION['error'] = "That IP has already voted on that site in the past 12 hours!";
                    header("location:votenow.php");
                }
                else
                {
                    $sql7 = odbc_prepare($conn, "INSERT INTO PS_UserData.dbo.user_votes (UserID,ip,date,SiteID) VALUES (?,?,?,?)");
                    odbc_execute($sql7, array($UserID, $ip, $date, $SiteID));
                    $sql8 = odbc_prepare($conn, "UPDATE PS_UserData.dbo.Users_Master SET Point = Point + ? WHERE UserID = ?");
                    odbc_execute($sql8, array($Point, $UserID));
                    header("location:".$votesite[$SiteID-1]);
                }
            }
        }
    }
    odbc_close($conn);
    ?>

#4 SitePoint Evangelist (Nantwich, Cheshire, joined Aug 2006, 413 posts)
    I'm no security expert but I cannot see how anyone could add their own site to your database via that form. You don't store the URLs in the database there, only siteID. Your range check for SiteID won't work, though, because you use '&&' instead of '||' for the out-of-bounds check (the value can never be higher and lower than the allowed range), but as the form is presenting a radio button I can't see how it would present a value out of range.

    How is the user-added site manifesting itself?
    http://www.firenza.net - my homage to a car from the 1970s
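Editor's added example, not code from any poster in this thread. It puts the range check from vote.php beside the `||` form that reply #4 describes, and implements the allow-list lookup that reply #2 suggests. The point worth seeing in running code: because the posted condition uses `&&`, it is false for every integer, so a POST with siteID=0, 5 or 99 (trivial to send without the radio buttons, e.g. with curl) falls through to the INSERT and the points UPDATE with a SiteID that has no entry in `$votesite`, which is exactly "points for a site I don't have". The `$votesite` array is copied from the poster's config.php; the function names and the regular-expression input check are this example's own assumptions.

```php
<?php
// Added example (not from the original thread). Assumes the $votesite
// array from the poster's config.php; the function names are hypothetical.

$votesite = array(
    "http://example-votingsite1.com",
    "http://example-votingsite2.com",
    "http://example-votingsite3.com",
    "http://example-votingsite4.com",
);

// The range check as posted in vote.php. No integer is at the same time
// greater than count($sites) and <= 0, so this returns false for every
// input and nothing is ever rejected.
function rejectedByPostedCheck($siteId, array $sites) {
    return $siteId > count($sites) && $siteId <= 0;
}

// The check with '||' as reply #4 describes: out of range on either side.
function rejectedByFixedCheck($siteId, array $sites) {
    return $siteId > count($sites) || $siteId <= 0;
}

// Allow-list lookup: map the raw form value to a configured URL, or null.
// The URL always comes from the server-side array, never from the request,
// so the client cannot introduce a site that is not in config.php.
function lookupVoteSite($rawSiteId, array $sites) {
    // Accept only a plain positive decimal string. intval() would quietly
    // turn "9abc" into 9, "" into 0 and an array into 1, so it is not used.
    if (!is_string($rawSiteId) || !preg_match('/^[1-9][0-9]*\z/', $rawSiteId)) {
        return null;
    }
    $index = (int)$rawSiteId - 1; // radio values are 1-based, array is 0-based
    if (!array_key_exists($index, $sites)) {
        return null;
    }
    return $sites[$index];
}

// Drop-in replacement for the siteID handling at the top of vote.php.
// On a bad value it records the error and stops; exit after header() is
// what prevents the script from continuing into the INSERT/UPDATE.
function resolveVoteSiteOrFail(array $post, array $sites) {
    $raw = isset($post['siteID']) ? $post['siteID'] : '';
    $url = lookupVoteSite($raw, $sites);
    if ($url === null) {
        $_SESSION['error'] = "Invalid vote site.";
        header("Location: votenow.php");
        exit;
    }
    return $url;
}

// Self-check when run from the command line: compare the two checks on
// values a client can submit by hand, then try the lookup on a few inputs.
foreach (array(-3, 0, 1, 4, 5, 99) as $id) {
    printf("siteID=%d  posted check rejects: %-3s  fixed check rejects: %s\n",
        $id,
        rejectedByPostedCheck($id, $votesite) ? 'yes' : 'no',
        rejectedByFixedCheck($id, $votesite) ? 'yes' : 'no');
}
foreach (array("2", "5", "0", "1abc", "") as $raw) {
    printf("lookup(%s) => %s\n", var_export($raw, true),
        var_export(lookupVoteSite($raw, $votesite), true));
}
```

The `in_array` route from reply #2 is the same check written against the list of valid IDs, `in_array($SiteID, range(1, count($votesite)), true)`, and either form is fine as long as the URL for the redirect and the SiteID written to USER_VOTES both come from the validated index rather than from `$_POST`. Whatever check is used, the redirect branches in vote.php should end with `exit` after `header()`, otherwise the script keeps executing after a failed validation.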

