Please help me solve this code issue

Hello Friends, can you please help me out solving this code issue. The main issue is the referral assigning. No matter from what affiliate URL I try to sign up, the registration page only assigns the user to “userid 1” instead of the real user id. Also, please let me know if there are any security issues in this code. If yes, how can I make it more secure? Below is the registration page code. Please have a look:


<?php
if (isset($_GET['ref'])) {
$ref = $_GET['ref'];
$rrr = mysql_fetch_array(mysql_query("SELECT id FROM users WHERE username='".$ref."'"));
}else{
$rrr = 0;
}

if($_POST){

$username = mysql_real_escape_string($_POST["username"]);
$pass1 = mysql_real_escape_string($_POST["password1"]);
$pass2 = mysql_real_escape_string($_POST["password2"]);
$email = mysql_real_escape_string($_POST["email"]);
$country = mysql_real_escape_string($_POST["country"]);
$phone = mysql_real_escape_string($_POST["phone"]);

$err1 = 0;
$err2 = 0;
$err3 = 0;
$err4 = 0;
$err5 = 0;
$err6 = 0;
$err7 = 0;



if(trim($username)=="")
      {
$err1=1;
}

if(trim($email)=="")
      {
$err2=1;
}

if($pass1!=$pass2)
      {
$err3=1;
}

if(strlen($pass1)<="3")
      {
$err4=1;
}

$nnn = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM users WHERE username='".$username."'"));

if($nnn[0]>="1")
      {
$err5=1;
}

$eee = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM users WHERE email='".$email."'"));

if($eee[0]>="1")
      {
$err6=1;
}

$ppp = mysql_fetch_array(mysql_query("SELECT COUNT(*) FROM users WHERE phone='".$phone."'"));

if($ppp[0]>="1")
      {
$err7=1;
}
if($rrr[0]=="1" || $rrr[0]==""){
  $r = 0;
}else{
  $r = $rrr[0];
}

$error = $err1+$err2+$err3+$err4+$err5+$err6+$err7;


if ($error == 0){

$passmd = md5($pass1);


$res = mysql_query("INSERT INTO users SET username='".$username."', email='".$email."', password='".$passmd."', phone='".$phone."', country='".$country."', ref='".$r."'");

if($res){
	echo "<div class=\"alert alert-success alert-dismissable\">
<button type=\"button\" class=\"close\" data-dismiss=\"alert\" aria-hidden=\"true\">&times;</button>	

Register Completed Successfully!

A big one only a few lines in.

Never put raw user input straight into a query; it’s wide open to SQL injection.

The best thing I can recommend to fix this is to update your code and methods. The mysql API has been removed from PHP and is now completely obsolete; if a server runs PHP 7 (which it should these days) it will not work at all.
You should be using either mysqli or, my preference, PDO to connect to your database. Both of these have the ability to use prepared statements, which can help guard against SQL injection, among other advantages.

2 Likes

Hello, thank you for your kind answer, but can you please let me know how I can change the code so that it will assign the correct “ref” instead of just assigning every user under “user 1”? Also, it would be great if you can suggest some code modification to make this existing code more secure, as this script is purchased and I am not very much an expert in modifying code.

Can you show the html where you call this code from? Specifically I find it strange that you use both $_GET and $_POST arrays to get information from the form. It can be done, of course, but I wondered whether it was intentional.

The best way to improve security is as @sama74 said, switch to PDO instead and use prepared statements.

:scream: You paid for this??

Ask for your money back! It’s outdated, insecure and not fit for purpose.
I don’t think it’s a case for modifying more a start from scratch thing.

4 Likes

Hello, you can check the registration page here: https://deadliestbtc.win . Also, can you please help me out with how to modify the code so that it can assign the original affiliate instead of assigning all referrals to user id 1 or just 0?

Thank you

Yes, get your money back. This is VERY, VERY bad code. It cannot be “fixed”.

This?

 <form method="post" action="signup">
     <h3 class="nomargin">Sign Up</h3>
     <p class="mt5 mb20">Already have an Account? <a href="https://deadliestbtc.win/signin"><strong>Sign In</strong></a></p>
     <input type="text" class="form-control uname" name="username" placeholder="Username" />
     <input type="text" class="form-control email" name="email" placeholder="Email" />
     <input type="text" class="form-control phn" name="phone" placeholder="Mobile eg: 8801XXXXXXXXX" />
     <select class="form-control input-lg"  name="country">
        <option Value="USA">USA</option>
        <option Value="CANADA">CANADA</option>
        <option Value="UK">UK</option>
        <option Value="AUSTRALIA">AUSTRALIA</option>
        <option Value="GERMANY">GERMANY</option>
        <option Value="OTHER">OTHER</option>
      </select>
      <input type="password" class="form-control pword" name="password1" placeholder="Password" />
      <input type="password" class="form-control pword" name="password2" placeholder="Retype Password" />
      <button class="btn btn-success btn-block">Sign Up</button>
</form>

Note that the form’s method attribute value is “post” and not “get”.
So this block of PHP code will always assign the value of zero to the $rrr variable, unless there is other code sending GET that you haven’t shown:

if (isset($_GET['ref'])) {
$ref = $_GET['ref'];
$rrr = mysql_fetch_array(mysql_query("SELECT id FROM users WHERE username='".$ref."'"));
}else{
$rrr = 0;
}
2 Likes

My guess is that if it’s a sign-up from a referral site, perhaps the action tag is different. But it is just a guess; only the OP can confirm. If not, then mystery solved: the form sends all data as POST, and there isn’t a form field called “ref” anywhere in the form.

Another weird thing with $rrr is that sometimes it’s an array as the result of mysql_fetch_array(), and sometimes it’s a scalar as in $rrr = 0, but in the check it’s always assumed to be an array.

I know it must be frustrating that no-one is just doing that, but using these obsolete libraries to access your database is something that most have moved away from, and probably don’t really remember without spending time looking them up. There would then be the issue that a forum contributor appears to be advising you to carry on using old code, even though it has security implications. For any general site that is an issue, but for a betting site which presumably has some financial dealings with customers, that’s a serious mistake.

And finally, you’ve paid someone for a product which should work, why can’t they answer the questions you have? That’s what the money was for.

2 Likes

This way you are inserting only the ID of the referral from the URL into the “users” table.

Your script is taking the ID from the URL with the GET method, and you are using POST data.

Try to put var_dump($_GET); before the last query to see what you will get; the same for var_dump($_POST);

Also this is not correct: SELECT id FROM users WHERE username='".$ref."; you are taking an ID and comparing it with USERNAME, which normally won’t work.

Use SELECT id FROM users WHERE id='".$ref." so you compare the ID from the URL with the ID in the database.

But most probably your problem is in the first query; just change “username” to “id” and it will work.

Also, adding error reporting to the query itself will help.
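To make the two recurring points in this thread concrete (sama74’s advice to move to PDO with prepared statements, and the observation that the referrer arrives in $_GET on the landing page but is gone by the time the form POSTs to “signup”), here is an added example of what the registration handler could look like. It is not the purchased script’s code and not the thread’s code; it assumes a `users` table with the columns the original INSERT uses (id, username, email, password, phone, country, ref), a PDO connection with placeholder credentials, and that the affiliate URL passes a username in `?ref=` (as the original SELECT does). It also drops the original’s special case that maps referrals from user 1 to 0; keep that if your business logic needs it.

```php
<?php
// Added example (not the purchased script's code): PDO rewrite of the handler.
// Assumes table users(id, username, email, password, phone, country, ref)
// and a hypothetical DSN / credentials; replace with your own.
declare(strict_types=1);
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failed queries throw instead of silently returning false
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepared statements
]);

// The affiliate link arrives as GET (?ref=username). The form then POSTs to
// "signup" without the query string, so remember the referrer in the session
// instead of re-reading $_GET on the POST request (which is what loses it).
if (isset($_GET['ref'])) {
    $_SESSION['ref'] = (string) $_GET['ref'];
}

/** Resolve a referrer username to its user id, or 0 when empty or unknown. */
function resolveReferrer(PDO $pdo, ?string $ref): int
{
    if ($ref === null || trim($ref) === '') {
        return 0;
    }
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = ?');
    $stmt->execute([$ref]);
    $id = $stmt->fetchColumn();
    return $id === false ? 0 : (int) $id; // always an int, never a missing array offset
}

/** True when some row already holds $value in $col. The column name is whitelisted, the value is bound. */
function valueTaken(PDO $pdo, string $col, string $value): bool
{
    if (!in_array($col, ['username', 'email', 'phone'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM users WHERE $col = ?");
    $stmt->execute([$value]);
    return (int) $stmt->fetchColumn() > 0;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $email    = trim($_POST['email'] ?? '');
    $phone    = trim($_POST['phone'] ?? '');
    $country  = $_POST['country'] ?? '';
    $pass1    = $_POST['password1'] ?? '';
    $pass2    = $_POST['password2'] ?? '';

    $errors = [];
    if ($username === '')                                   { $errors[] = 'Username is required.'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'A valid email is required.'; }
    if ($pass1 !== $pass2)                                  { $errors[] = 'Passwords do not match.'; }
    if (strlen($pass1) < 8)                                 { $errors[] = 'Password must be at least 8 characters.'; }
    if (!in_array($country, ['USA', 'CANADA', 'UK', 'AUSTRALIA', 'GERMANY', 'OTHER'], true)) {
        $errors[] = 'Unknown country.'; // only the values the <select> offers
    }
    if (!$errors && valueTaken($pdo, 'username', $username)) { $errors[] = 'Username already taken.'; }
    if (!$errors && valueTaken($pdo, 'email', $email))       { $errors[] = 'Email already registered.'; }
    if (!$errors && valueTaken($pdo, 'phone', $phone))       { $errors[] = 'Phone already registered.'; }

    if (!$errors) {
        $ref  = resolveReferrer($pdo, $_SESSION['ref'] ?? null);
        // password_hash() replaces the unsalted md5(); verify at login with password_verify().
        $hash = password_hash($pass1, PASSWORD_DEFAULT);

        $stmt = $pdo->prepare(
            'INSERT INTO users (username, email, password, phone, country, ref)
             VALUES (:username, :email, :password, :phone, :country, :ref)'
        );
        $stmt->execute([
            ':username' => $username,
            ':email'    => $email,
            ':password' => $hash,
            ':phone'    => $phone,
            ':country'  => $country,
            ':ref'      => $ref,
        ]);
        unset($_SESSION['ref']);
        echo '<div class="alert alert-success">Register Completed Successfully!</div>';
    } else {
        foreach ($errors as $e) {
            // escape on output so an error message can never inject markup
            echo '<div class="alert alert-danger">' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</div>';
        }
    }
}
```

Every user-supplied value goes into the query as a bound parameter, so the string concatenation that made the original injectable is gone, and the referrer is resolved to an integer id with a single code path (no `$rrr[0]` on something that is sometimes an array and sometimes `0`). The three COUNT(*) checks still race with a concurrent signup; a UNIQUE index on username, email and phone is what actually guarantees uniqueness, with the checks kept only for friendlier error messages.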

I wondered about that, but as we don’t know what the OP is passing in, or what the table structure is, I figured it might be OK.

Not what you want to hear. But HTML that calls in shiv and has IE conditional comments and has empty element pairs suggests that not only the PHP code should be scrapped (save a backup) but the HTML as well.

I understand that “patching” might seem like the easier way to fix things, but if it were me I would seriously consider starting fresh. Starting with getting the HTML up to snuff.

Not that you would need to update everything at once. But any time you touch a file would be a good time to fix the file properly instead of patching it.

Thank you friends for all your kind replies, but it seems that I have to leave this project because of this script code until I get some better alternative :frowning:

You can change your mysql extension to the mysqli extension.
The mysql extension was deprecated in PHP 5.5.x.
Check this:
http://php.net/manual/en/migration55.deprecated.php
