Fixed an SQL injection vulnerability in loggedin.php
kirill2485 committed Nov 19, 2014
1 parent 6f7b745 commit 1c57534
Showing 5 changed files with 22 additions and 10 deletions.
Binary file added images/theteknet.png
15 changes: 9 additions & 6 deletions index.php
@@ -9,7 +9,7 @@

<html lang="en" class="no-js">
<head>
<title>TekNet Beta Registration</title>
<title>Beta Registration</title>
<meta name="description" content="TekNet Beta registration" />
<link rel="shortcut icon" href="../favicon.ico">
<link rel="stylesheet" type="text/css" href="css/default.css" />
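Review bot: this hunk (and the other index.php, login.php and version.php hunks) is a cosmetic rename of "TekNet Beta Registration" to "Beta Registration" that has nothing to do with the SQL injection fix the commit message announces; bundling unrelated UI edits into a security commit makes the fix harder to review and to cherry-pick, so split them into a separate commit.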
@@ -25,7 +25,9 @@
<a href="#"><hr></a>
<header>
<div class="inner relative">
<img src="images/theteknet.png">
<div style=height:20px; padding-top:50px;"></div>

<a id="menu-toggle" class="button dark" href="#""></i></a>
<nav id="navigation">
<ul id="main-menu">
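Review bot: the added line `<div style=height:20px; padding-top:50px;"></div>` is missing the opening quote of the style attribute, so the browser sees `style=height:20px;` followed by stray tokens; it should read `<div style="height:20px; padding-top:50px;"></div>`. The unchanged context line `<a id="menu-toggle" class="button dark" href="#""></i></a>` has the mirror problem (a doubled `"` after `#` and a closing `</i>` with no opening `<i>`) and is worth fixing while this markup is being touched.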
@@ -40,12 +42,12 @@
</nav>
<div class="clear"></div>
</div>
<h1>TekNet Beta Registration <span> Register to be one of the first beta users on our site</h1>
<h1>Beta Registration <span> Register to be one of the first beta users on our site</h1>
</header>
<section class="color-1">
<p class="text note-touch">Sign-ups are currrently closed. You may try using the demo version of the site by clicking "Sign in" at the top right corner, and using the provided demo account. Please enter your email and name to pre-register and receive updates on TekNet's progress.</p>
<p>
Please make sure you are over the age of 13, as it would be illegal for us to knowingly collect information from people under the age of 13. Registration is open to PAUSD students only. Scroll down for all of the FAQ's.
<br>
Please make sure you are over the age of 13, as it would be illegal for us to knowingly collect information from people under the age of 13. Registration is open to PAUSD students only. Scroll down for all of the FAQ's.
<p>
<form method="get">

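Review bot: the `<span>` opened in `<h1>Beta Registration <span> Register to be one of the first beta users on our site</h1>` is never closed, so it inherits the old line's broken markup; close it before `</h1>`. In the surrounding context the "Please make sure you are over the age of 13 ..." paragraph appears twice in a row, the `<p>` that precedes it is never closed before the next `<p>`, and "currrently" is misspelled; trimming the duplicate and closing the paragraph would be a one-line change here.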
@@ -57,7 +59,6 @@
</form >

<?php

$email = $_GET["email"];
$name = $_GET["name"];
$position = strpos($email,"@palo-alto.edu");
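Review bot: only a blank line is removed here, but the surrounding lines `$email = $_GET["email"];` and `$name = $_GET["name"];` read the parameters without an isset check, which raises undefined-index notices on the first page load before the form has been submitted, and the `strpos($email,"@palo-alto.edu")` test only confirms that the string appears somewhere in the value. Guard the reads with isset and validate with `filter_var($email, FILTER_VALIDATE_EMAIL)` plus an explicit check on the domain part rather than a substring search.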
@@ -67,7 +68,6 @@
elseif($email==null){
echo "Enter your @palo-alto.edu email and your name.";
}

else{
echo "Gotcha, we will be contacting you at $email shortly. To unsubscribe, just send an email to support@theteknet.org with the word \"Unsubscribe\" in the subject line, and we will be more then happy to remove your email from recieving updates";

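Review bot: `echo "Gotcha, we will be contacting you at $email shortly. ..."` writes the raw `$_GET["email"]` value straight into the page, which is a reflected cross-site scripting hole in the same file this commit is meant to harden; output it through `htmlspecialchars($email, ENT_QUOTES, 'UTF-8')`. The guard `elseif($email==null)` is a loose comparison that also matches `"0"`; `$email === ''` or `empty($email)` expresses the intent. The message text has two spelling errors ("more then happy", "recieving").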
@@ -79,7 +79,10 @@
<section class="color-2">
<h1>What is TekNet?</h1>
TekNet is a social network created by a group of Gunn studends designed for ALL PAUSD students ages 13+. TekNet will help PAUSD students connect, make friends (especially new students), find common classes, and get help with homework.
<br>

</section>

<section class="color-3">
<h1>When is TekNet going to be released?</h1>
TekNet has no public release schedule at this time. TekNet's release depends on the demand of users that have pre-registered. If we receive at least 45 pre-registration requests, we will be released around late December to early January.
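Review bot: whitespace only, apart from the `<br>`; while here, "Gunn studends" in the unchanged context should be "Gunn students".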
4 changes: 2 additions & 2 deletions login.php
@@ -15,9 +15,9 @@
<!-- Top Navigation -->

<header>

<a href="index.php"><img src="images/theteknet.png"></a>
<div class="clear"></div>
<h1>TekNet Login <span>Welcome back, please login</h1>
<h1>Login <span>Welcome back, please login</h1>
</header>
<section class="color-1">
<p class="text note-touch">Please enter your email and password. <br>To try out this site as a demo user, please login as email: jsmith@palo-alto.edu, password: demouser</p>
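Review bot: the replacement heading `<h1>Login <span>Welcome back, please login</h1>` carries over the unclosed `<span>` from the line it replaces; add `</span>` before `</h1>`. The new `<a href="index.php"><img src="images/theteknet.png"></a>` has no `alt` attribute, which the logo link needs for accessibility.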
11 changes: 10 additions & 1 deletion pages/loggedin.php
@@ -4,13 +4,16 @@
<title>TekNet - Home</title>

</head>

<?php
include '../includeme.php';
include '../getelement.php';
include '../backendstuff/phplogin.php';

?>

<header>
<center><img src="../images/theteknet.png"></center>
<?php
echo "<h1>TekNet - Home </h1> <span>Welcome back, $email </span>";
?>
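Review bot: the unchanged line `echo "<h1>TekNet - Home </h1> <span>Welcome back, $email </span>";` interpolates `$email` into HTML with no escaping; `$email` is set by the included `../backendstuff/phplogin.php`, which is not in this diff, so unless that file is known to sanitize it the value should be passed through `htmlspecialchars($email, ENT_QUOTES, 'UTF-8')` at the point of output. The added `<center>` element is obsolete in HTML5; use the existing CSS classes instead.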
@@ -34,9 +37,14 @@

$namestatus=$con->query("SELECT name,message,postnum FROM status ORDER BY postnum");
$statusentery = $_POST[status];
$position = strpos($statusentery,"<");
if ($position === 0){
echo "Sorry, for security purposes we do not allow characters such as <";
exit;
}
if ($statusentery != null){
if ($con->query("INSERT INTO status(message, name, date, postnum) VALUES('$statusentery', '$name[0]', now(), 2)") === TRUE) {
echo "Buzz posted";
echo "<script>document.location.href='http://www.theteknet.com'</script>";
}
else {
echo "Error: " . $sql . "<br>" . $con->error;
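Review bot: the added check does not fix the SQL injection the commit message describes. `$statusentery` is still interpolated unescaped into `$con->query("INSERT INTO status(message, name, date, postnum) VALUES('$statusentery', '$name[0]', now(), 2)")`, and `strpos($statusentery,"<") === 0` only rejects a message whose first character is `<`; a message containing a single quote anywhere still reaches the query (a lone `'` breaks the statement, and the error branch then prints `$con->error` to the browser), and `<` at any later position passes as well, so this neither prevents injection nor reliably filters HTML. Replace the string-built query with a prepared statement, e.g. `$stmt = $con->prepare("INSERT INTO status(message, name, date, postnum) VALUES(?, ?, now(), 2)");` then `$stmt->bind_param("ss", $statusentery, $name[0]); $stmt->execute();`, and handle `<` by escaping the message with htmlspecialchars where it is rendered, not by refusing input. Smaller points in the same hunk: `$_POST[status]` uses an unquoted constant and should be `isset($_POST['status']) ? $_POST['status'] : ''`; `$statusentery != null` is a loose comparison (`$statusentery !== ''` after trim is what is meant); the error branch echoes `$sql`, which is never assigned in this file, and leaks the database error string to the user.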
@@ -73,4 +81,5 @@


?>
<br>
</body>
2 changes: 1 addition & 1 deletion version.php
@@ -1,3 +1,3 @@
<html>
TheTekNet Version 0.05 Alpha
TheTekNet Version 0.09 Alpha -- Codename: Mentos
</html>
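Review bot: this bumps the version string from "0.05 Alpha" to "0.09 Alpha -- Codename: Mentos" in a page that is served to anyone who requests version.php; a public version page is a small information-disclosure aid for anyone probing the site, so consider restricting it to logged-in users or dropping it.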
