Csrf can anyone help fix

cruelity93 · March 29, 2011, 12:40pm

This is my source code :


&lt;?php 
include 'dbc.php';
session_start();
if(!checkAdmin()) {
header("Location: login.php");
exit();
}

$ret = $_SERVER['HTTP_REFERER'];

foreach($_GET as $key =&gt; $value) {
	$get[$key] = filter($value);
}

if($get['cmd'] == 'approve')
{
mysql_query("update users set approved='1' where id='$get[id]'") or die(mysql_error());
$rs_email = mysql_query("select user_email from users where id='$get[id]'") or die(mysql_error());
list($to_email) = mysql_fetch_row($rs_email);

$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = @ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path   = rtrim($login_path, '/\\\\');

$message = 
"Thank you for registering with us. Your account has been activated...

*****LOGIN LINK*****\

http://$host$path/login.php

Thank You

Administrator
$host_upper
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****
";

	@mail($to_email, "User Activation", $message,
    "From: \\"Member Registration\\" &lt;auto-reply@$host&gt;\\r\
" .
     "X-Mailer: PHP/" . phpversion());


 echo "Active";


}

if($get['cmd'] == 'ban')
{
mysql_query("update users set banned='1' where id='$get[id]' and `user_name` &lt;&gt; 'admin'");

//header("Location: $ret");  
echo "yes";
exit();

}
/* Editing users*/

if($get['cmd'] == 'edit')
{
/* Duplicate user name check */
$rs_usr_duplicate = mysql_query("select count(*) as total from `users` where `user_name`='$get[user_name]' and `id` != '$get[id]'") or die(mysql_error());
list($usr_total) = mysql_fetch_row($rs_usr_duplicate);
	if ($usr_total &gt; 0)
	{
	echo "Sorry! user name already registered.";
	exit;
	} 
/* Duplicate email check */	
$rs_eml_duplicate = mysql_query("select count(*) as total from `users` where `user_email`='$get[user_email]' and `id` != '$get[id]'") or die(mysql_error());
list($eml_total) = mysql_fetch_row($rs_eml_duplicate);
	if ($eml_total &gt; 0)
	{
	echo "Sorry! user email already registered.";
	exit;
	}
/* Now update user data*/	
mysql_query("
update users set  
`user_name`='$get[user_name]', 
`user_email`='$get[user_email]',
`user_level`='$get[user_level]'
where `id`='$get[id]'") or die(mysql_error());
//header("Location: $ret"); 

if(!empty($get['pass'])) {
$hash = PwdHash($get['pass']);
mysql_query("update users set `pwd` = '$hash' where `id`='$get[id]'") or die(mysql_error());
}

echo "changes done";
exit();
}

if($get['cmd'] == 'unban')
{
mysql_query("update users set banned='0' where id='$get[id]'");
echo "no";

//header("Location: $ret");  
// exit();

}


?&gt;

I tried to add tokens kept failing can someone help fixing it.

Topic		Replies	Views
25 XSS Please Check this Code some one Server Config security	1	1568	October 8, 2014
[n00b] mod_rewrite to prevent directory traversal attacks Server Config security	4	1907	May 14, 2012
Website Hacked...Continued Server Config security	3	1014	March 8, 2011
How to fix it? Server Config security	1	432	October 8, 2014
Lines of Code not understood PHP	10	529	July 3, 2011

Csrf can anyone help fix

Related topics