Greetings! This is some old code I’m now working with. Nothing is being inserted into the DB, only read from to make sure someone doesn’t use an existing username/e-mail when signing up. Is it vulnerable? Any thoughts or suggestions would be most appreciated! Thanks!
if (isset($_POST['register'])) {
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
$who = $_POST['who'];
$ip = $_POST['ip'];
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$sql_w = "SELECT * FROM xf_user WHERE username='$who'";
$res_w = mysqli_query($db, $sql_w);
$sql_u = "SELECT * FROM xf_user WHERE username='$username'";
$sql_e = "SELECT * FROM xf_user WHERE email='$email'";
$res_u = mysqli_query($db, $sql_u);
$res_e = mysqli_query($db, $sql_e);
if (empty($username)) {
$name_error2 = "<br><span class='error_msg'>Username cannot be blank!</span>";
}else if (empty($email)) {
$email_error3 = "<br><span class='error_msg'>E-mail cannot be blank!</span>";
}else if(mysqli_num_rows($res_u) > 0) {
$name_error = "<br><span class='error_msg'>Opps! This username belongs to an existing member!</span>";
}else if(mysqli_num_rows($res_e) > 0){
$email_error = "<br><span class='error_msg'>Opps! This e-mail belongs to an existing member!</span>";
}else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL, FILTER_NULL_ON_FAILURE)) {
$email_error2 = "<br><span class='error_msg'>Invalid e-mail!</span>";
}else if( mysqli_num_rows($res_w ) == 0){
$who_error = "<br><span class='error_msg'>No matching member found!!</span>";
}else if(strlen($password) < 8) {
$pass_error1 = "<br><span class='error_msg'>Password needs to be at least 8 characters!</span>";
}else if($password != $password2) {
$pass_error2 = "<br><span class='error_msg'>Passwords do not match!</span>";
}else{
$date = date('m/d/Y');
$headers = "From: zoldos <zoldos@xxxxx.net>";
$subject = "access request";
$message = "Your Submitted E-mail: $email
Choosen Username: $username
Password: $password
IP: $ip
Referred By: $who
Date requested: $date\n
Thanks for your interest in my forum! Thanks!";
mail($email, $subject, $message, $headers);
header('location: done.html');
}
}