Fix Security bugs (#49)
* Changed all MySQLi statements to PDO objects + Minor Fixes
* Added database error page for public
* Did field verification while creating forms and converted MYSQLi statements to PDO objects
Co-authored-by: Mahalakshumi <mahav2000@gmail.com>
bearlike committed Apr 26, 2020
1 parent b919d2c commit 47abf6f
Showing 26 changed files with 923 additions and 590 deletions.
23 changes: 12 additions & 11 deletions README.md
Expand Up @@ -3,12 +3,13 @@
<img src="https://i.imgur.com/w5PZAuO.png" alt="CMS For Organisations" height="250px">
<br>
</h1>
<h4 align="center">User-friendly REMS for small organisations and clubs. Form Generator, Mailer, Certificate Generator and much more :)</h4>
<h4 align="center">Responsive Resources and Event Management System for small organisations and clubs. Form Generator, Mailer, Certificate Generator and much more :)</h4>

<p align="center">
<img src="https://img.shields.io/github/last-commit/K-Kraken/REMS-For-Organisations?color=blue&style=flat-square">
<a href="/LICENSE"><img src="https://img.shields.io/github/license/K-Kraken/REMS-For-Organisations.svg?style=flat-square"></a>
<a href="https://github.com/K-Kraken/REMS-For-Organisations/issues"><img src="https://img.shields.io/github/issues-raw/K-Kraken/REMS-For-Organisations?color=red&style=flat-square"/></a>
<a href="https://github.com/K-Kraken/REMS-For-Organisations/issues"><img src="https://img.shields.io/github/issues-raw/K-Kraken/REMS-For-Organisations?color=red&style=flat-square"/></a>
<a href="https://github.com/K-Kraken/REMS-For-Organisations/releases"><img src="https://img.shields.io/github/v/tag/K-Kraken/REMS-For-Organisations?label=stable&style=flat-square"/></a>
</p>


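Review bot: the issues badge line (`<a href=".../issues"><img src=".../issues-raw/...">`) appears twice in a row in this hunk; if the second copy is new, drop it so the badge row shows each badge once. The subtitle change to "Responsive Resources and Event Management System" reads well and finally expands the REMS acronym for first-time readers.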
Expand All @@ -31,18 +32,18 @@ What things you need to run the software:


### Installation

1. Create and Import the Main Database dump for **MySQL-MariaDB** from [here](/docs/files/Sample_REMS_Database.sql)
2. Create a Forms Database.
3. Copy the files from this repository to a location in the root directory of the web server
4. Rename `member/secrets.php_` to `member/secrets.php`
5. Update your database credentials, databases names (Main and Forms) and API Keys in `member/secrets.php` and `public/cds-public.php`
6. With your Web Server and MySQL server running, visit the site
1. Download the latest stable release from [here](https://github.com/K-Kraken/REMS-For-Organisations/releases)
2. Create and Import the Main Database dump for **MySQL-MariaDB** from [here](/docs/files/Sample_REMS_Database.sql)
3. Create a Forms Database.
4. Copy the files from this repository to a location in the root directory of the web server
5. Rename `member/secrets.php_` to `member/secrets.php`
6. Update your database credentials, databases names (Main and Forms) and API Keys in `member/secrets.php` and `public/cds-public.php`
7. With your Web Server and MySQL server running, visit the site
- ```
Default Username: admin
Default Password: admin
```
7. If any error occurs, check your configurations in `member/secrets.php` and `public/cds-public.php` and try again
8. If any error occurs, check your configurations in `member/secrets.php` and `public/cds-public.php` and try again



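Review bot: the installation steps still publish a fixed `Default Username: admin` / `Default Password: admin` with no step telling the operator to change it, so every fresh deployment goes live with a known admin credential until someone remembers. Add a step after "visit the site" along the lines of "Log in and change the admin password immediately", and consider having the application force a password change on first login rather than relying on the README. Steps 5 and 6 also put database credentials and API keys in `member/secrets.php`, which sits under the web root; worth a sentence reminding operators to ensure the web server never serves `secrets.php_` (the pre-rename file is not a `.php` file and could be served as plain text).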
Expand Down Expand Up @@ -79,7 +80,7 @@ This tool is used to generate forms for events. Initially, the specifications of

The mailer can send automatically send emails to a specific mailing list. It supports HTML emails and comes with a pre-designed template. The parameters for the pre-defined template can be modified for the specifications of the organization. There is also a feature to create mailing lists to use with these mailers. A CSV of the emails and names has to be uploaded ana a mailing list is created.

| Bulk Mailer Interface | | Sample Sent Mail |
| Bulk Mailer Interface | Mailing List Generator | Sample Sent Mail |
| -------------------------------------------------------- | -------------------------------------------------------- | -------------------------------------------------------- |
| <img src="https://i.imgur.com/R2RJOvu.png" width="650"/> | <img src="https://i.imgur.com/NOEJiH4.png" width="650"/> | <img src="https://i.imgur.com/OvPolMF.png" width="650"/> |

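Review bot: the unchanged paragraph above this table has two typos worth fixing while the file is open: "The mailer can send automatically send emails" should read "The mailer can automatically send emails", and "has to be uploaded ana a mailing list is created" should read "has to be uploaded and a mailing list is created". Filling in the missing "Mailing List Generator" column header is correct.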
Expand Down
2 changes: 1 addition & 1 deletion docs/files/Sample_REMS_Database.sql
Expand Up @@ -79,7 +79,7 @@ CREATE TABLE `certificates` (
`id` int(255) NOT NULL,
`name` varchar(255) NOT NULL,
`regno` varchar(255) DEFAULT NULL,
`dept` varchar(40) DEFAULT NULL,
`dept` varchar(255) DEFAULT NULL,
`year` int(10) DEFAULT NULL,
`section` varchar(10) DEFAULT NULL,
`email` varchar(255) NOT NULL,
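Review bot: widening `dept` from `varchar(40)` to `varchar(255)` only changes the sample dump used for new installs; anyone already running the previous dump keeps the 40-character column and, with `PDO::ERRMODE_EXCEPTION` now enabled in `cds-admin.php`, a longer department string will surface as an uncaught exception instead of a silent truncation. Note the migration in the commit or README, e.g. `ALTER TABLE certificates MODIFY dept varchar(255) DEFAULT NULL;`.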
Expand Down
64 changes: 37 additions & 27 deletions members/activity-log.php
@@ -1,32 +1,42 @@
<?php
include("header.php");
$page = 1;
$perPage = 10;;
$totalPages = 1;
if (empty($_GET['page'])) {
include("header.php");
$page = 1;
} else {
$page = $_GET['page'];
}
if (empty($_GET['perPage'])) {
$perPage = 10;
} else {
$perPage = $_GET['perPage'];
}
$conn = new mysqli($servername, $username, $password, $MainDB);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$resultc = $conn->query('select count(*) from logging where userid="' . $_SESSION['uname'] . '";');
$rowc = $resultc->fetch_row();
$countr = $rowc[0]; // Count total responses
// calculate number of pages needed
$totalPages = ceil($countr / $perPage);
// Find the starting element for the current $page
$startPage = $perPage * ($page - 1);
$sql = "select timestamp, log from logging where userid=\"" . $_SESSION['uname'] . "\" order by id desc limit " . $startPage . "," . $perPage . ";";
$logResults = $conn->query($sql);
$perPage = 10;;
$totalPages = 1;
if (empty($_GET['page'])) {
$page = 1;
} else {
$page = $_GET['page'];
}
if (empty($_GET['perPage'])) {
$perPage = 10;
} else {
$perPage = $_GET['perPage'];
}
try{
$conn = new PDO('mysql:dbname='.$MainDB.';host='.$servername.';charset=utf8', $username, $password);
$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
$message = $e->getMessage() ;
header('pages/error.php?error='.$e->getMessage());
die();
}
$resultc = $conn->prepare('select count(*) from logging where userid=:currentUser');
$resultc->bindValue(':currentUser', $_SESSION['uname']);
$resultc->execute();
$rowc = $resultc->fetch();
$countr = $rowc[0]; // Count total responses
// calculate number of pages needed
$totalPages = ceil($countr / $perPage);
// Find the starting element for the current $page
$startPage = $perPage * ($page - 1);
$sql = $conn->prepare("select timestamp, log from logging where userid=:currentUser order by id desc limit :startpage , :perpage");
$sql->bindValue(':currentUser', $_SESSION['uname']);
$sql->bindValue(':startpage', (int) $startPage, PDO::PARAM_INT);
$sql->bindValue(':perpage', (int) $perPage, PDO::PARAM_INT);
$sql->execute();
$logResults = $sql->fetchAll(PDO::FETCH_ASSOC);
?>

<html>
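Review bot: `header('pages/error.php?error='.$e->getMessage());` in the catch block is missing the `Location:` prefix, so it is not a redirect at all (PHP will emit a malformed header and fall through to `die()` on a blank page); the other files in this commit use `header('Location:pages/error.php?...')`, and this one should match. Separately, `$page` and `$perPage` are still taken from `$_GET` unvalidated: the `(int)` cast on `bindValue` stops injection, but `perPage=0` gives a division by zero at `ceil($countr / $perPage)`, and `page=0` or a negative page produces a negative `LIMIT` offset that MySQL rejects, which now throws an uncaught `PDOException` because of `ERRMODE_EXCEPTION`. Clamp both before use, e.g. `$page = max(1, (int)($_GET['page'] ?? 1));` and `$perPage = min(100, max(1, (int)($_GET['perPage'] ?? 10)));`. Also avoid putting `$e->getMessage()` (which can include host and database names) into a URL shown to the user; log it server-side and redirect with a generic error code.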
Expand Down
54 changes: 37 additions & 17 deletions members/cds-admin.php
Expand Up @@ -9,6 +9,16 @@
$Empty_Template = "CDS_Admin/Certificate Templates/Participation.png";
$Fonts_Path = "CDS_Admin/Fonts/";
/* Directory Path Variables END */
try{
$conn = new PDO('mysql:dbname='.$MainDB.';host='.$servername.';charset=utf8', $username, $password);

$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
$message = $e->getMessage() ;
header('Location:pages/error.php?error='.$e->getMessage());
die();
}
?>
<head id="head_tag">
<meta charset="utf-8">
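Review bot: the catch block redirects to `pages/error.php?error=` followed by the raw `$e->getMessage()`, which for a connection failure typically contains the database host, user name or database name; that text ends up in the browser URL, referrer headers and access logs. Log the exception server-side (`error_log($e->getMessage())`) and redirect with a generic message or error code instead. `$message` is assigned and never used, so it can go. Setting `PDO::ATTR_EMULATE_PREPARES` to `false` is the right call and makes the bound parameters below real server-side prepares.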
Expand Down Expand Up @@ -113,10 +123,7 @@ class="fa fa-upload" aria-hidden="true"></i></a>
}
}
echo "<br>";
$conn = new mysqli($servername, $username, $password, $MainDB);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error); // IF-Fail to Connect
}

if (isset($_FILES["file"])){
$foldername = explode('.', $_FILES["file"]["name"]);
// echo $foldername[0];
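Review bot: removing the `mysqli` connection here is correct now that the PDO handle is opened at the top of the file, but the line just below still does `$foldername = explode('.', $_FILES["file"]["name"]);` and `$foldername[0]` is later used as a directory segment when building `$cert_link`. The client controls that filename, so a name such as `../something.csv` would put generated certificates outside `$Generated_Certificate`. Run it through `basename()` and restrict it to a safe character set (or generate the folder name server-side) before using it in a path.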
Expand Down Expand Up @@ -203,12 +210,19 @@ class="fa fa-upload" aria-hidden="true"></i></a>
$cert_link = $Generated_Certificate . $foldername[0] . '/Certificate-' . str_replace(" ","_",$event_name) . "_" . str_replace(" ","_",$participant_name) . "_" . $participant_id . '.png';
imagedestroy($im);
$participant_id++;
$submit_sql = "INSERT INTO `certificates` (`name`,`regno`,`dept`,`year`,`section`,`position`,`cert_link`,`event_name`,`email`) VALUES ('" . $participant_name . "','" . $registration_number . "','" . $department . "','" . $year . "','" . $section . "','" . $position . "','" . $cert_link . "','" . $event_name . "','".$email."');";
$submit_stmt = $conn->prepare($submit_sql);
if (!$submit_stmt) {
echo "Prepare failed: (" . $conn->errno . ") " . $conn->error . "<br>";
}
$submit_stmt->execute();
//$submit_sql = "INSERT INTO `certificates` (`name`,`regno`,`dept`,`year`,`section`,`position`,`cert_link`,`event_name`,`email`) VALUES ('" . $participant_name . "','" . $registration_number . "','" . $department . "','" . $year . "','" . $section . "','" . $position . "','" . $cert_link . "','" . $event_name . "','".$email."');";
$submit_sql = $conn->prepare("INSERT INTO certificates VALUES (NULL,:participant_name,:registration_number,:department,:year,:section,:email,:position,:cert_link,:event_name)");
$submit_sql->bindValue(":participant_name",$participant_name);
$submit_sql->bindValue(":registration_number",$registration_number);
$submit_sql->bindValue(":department",$department);
$submit_sql->bindValue(":year",$year);
$submit_sql->bindValue(":section",$section);
$submit_sql->bindValue(":position",$position);
$submit_sql->bindValue(":cert_link",$cert_link);
$submit_sql->bindValue(":event_name",$event_name);
$submit_sql->bindValue(":email",$email);
$submit_sql->execute();

}
else{
$im = imagecreatefrompng($Certificate_Template.$position.".png");
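Review bot: `INSERT INTO certificates VALUES (NULL, ...)` with no column list depends on the exact column order and column count of the table, whereas the replaced statement named its columns explicitly. Note that this branch supplies 10 values while the other branch below supplies 11 (it adds `:college`); a `VALUES` list without column names must cover every column, so at least one of the two branches will fail with a column-count error, and with `ERRMODE_EXCEPTION` that is an uncaught exception mid-import. Keep the explicit column list from the old statement, e.g. `INSERT INTO certificates (name, regno, dept, year, section, position, cert_link, event_name, email) VALUES (:participant_name, ...)`, and drop the commented-out string literal rather than leaving the old concatenated SQL in the file.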
Expand Down Expand Up @@ -254,20 +268,26 @@ class="fa fa-upload" aria-hidden="true"></i></a>
$cert_link = $Generated_Certificate . $foldername[0] . '/Certificate-' . str_replace(" ","_",$event_name) . "_" . str_replace(" ","_",$participant_name) . "_" . $participant_id . '.png';
imagedestroy($im);
$participant_id++;
$submit_sql = "INSERT INTO `certificates` (`name`,`regno`,`dept`,`year`,`section`,`position`,`cert_link`,`event_name`,`email`,`college`) VALUES (\"" . $participant_name . "\",\"" . $registration_number . "\",\"" . $department . "\",\"" . $year . "\",\"" . $section . "\",\"" . $position . "\",\"" . $cert_link . "\",\"" . $event_name . "\",\"".$email."\",\"".$college."\");";
$submit_stmt = $conn->prepare($submit_sql);
if (!$submit_stmt) {
echo "Prepare failed: (" . $conn->errno . ") " . $conn->error . "<br>";
}
$submit_stmt->execute();
$submit_sql = $conn->prepare("INSERT INTO certificates VALUES (NULL,:participant_name,:registration_number,:department,:year,:section,:email,:position,:cert_link,:event_name,:college)");
$submit_sql->bindValue(":participant_name",$participant_name);
$submit_sql->bindValue(":registration_number",$registration_number);
$submit_sql->bindValue(":department",$department);
$submit_sql->bindValue(":year",$year);
$submit_sql->bindValue(":section",$section);
$submit_sql->bindValue(":position",$position);
$submit_sql->bindValue(":cert_link",$cert_link);
$submit_sql->bindValue(":event_name",$event_name);
$submit_sql->bindValue(":email",$email);
$submit_sql->bindValue(":college",$college);

$submit_sql->execute();
}
if($_POST["eventType"]==0){
echo '<tr><td>' . $participant_id . ' </td><td> ' . $participant_name . '</td><td> ' . $registration_number . '</td><td> ' . $position . '</td><td> ' . $event_name . '</td><td> <a href="' . $cert_link . '">Link</a></td></tr>';
}
else {
echo '<tr><td>' . $participant_id . ' </td><td> ' . $participant_name . '</td><td> ' . $college . '</td><td> ' . $position . '</td><td> ' . $event_name . '</td><td> <a href="' . $cert_link . '">Link</a></td></tr>';
}
$submit_stmt->close();
}
fclose($handle);
}
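Review bot: `$submit_stmt->close();` at the end of the loop still refers to the `mysqli` statement object that this change removed; `$submit_stmt` is now never assigned, so the first processed row will abort with "Call to a member function close() on null". Delete that line (a `PDOStatement` does not need closing; `$submit_sql->closeCursor()` is available if you want to release the result early). The `echo '<tr><td>' . $participant_id ...` lines also write `$participant_name`, `$registration_number`, `$college`, `$position` and `$event_name` straight from the uploaded CSV into HTML; wrap each in `htmlspecialchars()` so a crafted CSV cannot inject markup into the admin page.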
Expand Down
44 changes: 28 additions & 16 deletions members/change-password.php
Expand Up @@ -2,29 +2,38 @@
include('mainFunction.php');
include("secrets_.php");

$conn = new mysqli($servername, $username, $password, $MainDB);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
try{
$conn = new PDO('mysql:dbname='.$MainDB.';host='.$servername.';charset=utf8', $username, $password);

$conn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}catch(PDOException $e){
$message = $e->getMessage() ;
header('Location:../public/error.html');
die();
}
$gen = null;
if(isset($_GET['gen'])){
$gen = $_GET['gen'];
$check_if_done = 'SELECT count(PasswordLinkVerification("'.$gen.'"))as ifExists';
$list = $conn->query($check_if_done);
foreach ($list as $row) {
$check_if_done = $conn->prepare('SELECT count(PasswordLinkVerification(:gen)) as ifExists');
$check_if_done->bindValue(":gen",$gen);
$check_if_done->execute();
foreach ($check_if_done as $row) {
$exists = $row['ifExists'];
}
if($exists==1){
$check_validity_query = 'SELECT PasswordLinkVerification("'.$gen.'") as time_diff';
$list_time = $conn->query($check_validity_query);
foreach ($list_time as $row_time) {
$check_validity_query = $conn->prepare('SELECT PasswordLinkVerification(:gen) as time_diff');
$check_validity_query->bindValue(":gen",$gen);
$check_validity_query->execute();
foreach ($check_validity_query as $row_time) {
$key = $row_time['time_diff'];
}
if($key<1800){
}
else{
$check_validity_query = 'DELETE FROM forgot_password WHERE gen_key="'.$gen.'"';
$list = $conn->query($check_validity_query);
$check_validity_query = 'DELETE FROM forgot_password WHERE gen_key=:gen';
$check_validity_query->bindValue(":gen",$gen);
$check_validity_query->execute();
header('Location:link-expired.html');
}
}else{
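Review bot: the expiry branch assigns `$check_validity_query = 'DELETE FROM forgot_password WHERE gen_key=:gen';` as a plain string and then calls `->bindValue()` and `->execute()` on it, which is a fatal "Call to a member function on string"; it needs `$conn->prepare(...)` like the two statements above it. In the same branch, `header('Location:link-expired.html');` is not followed by `exit`, so the rest of the page (including the password form) is still rendered and processed for an expired link. The redirect in the catch block and the two `PasswordLinkVerification(:gen)` prepares are fine; the `foreach` over a `PDOStatement` works but `$check_if_done->fetchColumn()` would read more clearly for a single count.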
Expand Down Expand Up @@ -83,14 +92,17 @@

if (isset($_POST["submit"])){
$gen = $_POST["gen"];
$get_uname_sql = 'SELECT GetUserName("'.$gen.'") as uname';
$user_name_list = $conn->query($get_uname_sql);
foreach ($user_name_list as $user_name) {
$get_uname_sql = $conn->prepare('SELECT GetUserName(:gen) as uname');
$get_uname_sql->bindValue(":gen",$gen);
$get_uname_sql->execute();
foreach ($get_uname_sql as $user_name) {
$uname = $user_name['uname'];
}
$password = $_POST['pwd_confirm'];
$update_sql = 'CALL SetPassword("'.$gen.'","'.$password.'")';
$list = $conn->query($update_sql);
$update_sql = $conn->prepare('CALL SetPassword(:gen,:password)');
$update_sql->bindValue(":gen",$gen);
$update_sql->bindValue(":password",$password);
$update_sql->execute();
echo('<div class="alert alert-success" role="alert" style="width:80%;margin-left:10%;margin-right:10%">
Password updated successfuly!
</div>');
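Review bot: the POST handler takes `$gen` from `$_POST["gen"]` and goes straight to `CALL SetPassword(:gen,:password)` without repeating the `PasswordLinkVerification` / 30-minute check that the GET path performs, so a client that posts directly (or keeps the form open past expiry) can still reset the password with a stale key; re-run the validity check here before the `CALL`. `$uname` is fetched via `GetUserName(:gen)` but never used afterwards. Whether the new password is hashed is decided inside the `SetPassword` stored procedure, which is not part of this diff; confirm it stores a hash, or hash in PHP (`password_hash`) before binding `:password`.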
Expand Down
