Security update
whotooktwarden committed Sep 11, 2015
1 parent 9aec887 commit 89201ce
Showing 6 changed files with 191 additions and 18 deletions.
21 changes: 19 additions & 2 deletions deposit.php
Expand Up @@ -57,17 +57,34 @@ function died($error) {

$error_message = "";

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';

$ripple_exp = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/';

//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

$string_exp = "/^[A-Za-z .'-]+$/";
//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}

if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}

if(is_numeric($XXXamount) == false) {

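Review bot: `$amount_exp = '/[0-9]{1,6}/'` is unanchored, so the `!preg_match($amount_exp,$XXXamount)` check only requires that a digit appear somewhere in the value: `12abc`, `1;--` or a twenty-digit string all pass although the message promises "1 to 6 digits"; anchor it as `$amount_exp = '/^[0-9]{1,6}$/';`. The `is_numeric` check that follows (its block runs past the hunk) would still accept `1e5` or `-3`, so the anchored pattern is what actually enforces the format. The `preg_match($string_exp,$XXXamount)` branch above it is a pasted name-field check: its "Use letters" message contradicts the digit rule, and any value it matches contains no digit and already fails `$amount_exp`, so it can be dropped. `$httpFowarded` is assigned but `$httpForwarded` is what gets concatenated, so the shown header value is always empty (with an undefined-variable notice); since `$error_message` carries `<br />` it is presumably rendered as HTML, and the client-controlled X-Forwarded-For header should go through `htmlspecialchars()` before it is echoed.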
42 changes: 39 additions & 3 deletions withdraw.php
Expand Up @@ -56,16 +56,52 @@ function died($error) {

$error_message = "";

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
//Clean the name fields of any symbols, whitespace, or digits or error out
$name_exp = '/\W{1,}/';
if(preg_match($name_exp,$first_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}


if(preg_match($name_exp,$last_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';

//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}

if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}



if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

$string_exp = "/^[A-Za-z .'-]+$/";

if(is_numeric($XXXamount) == false) {

$error_message .= 'The amount you entered does not appear to be valid.<br />';
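Review bot: `$name_exp = '/\W{1,}/'` only rejects non-word characters, and `\w` includes digits and `_`, so a name like `j0hn_1` passes while the message promises "No symbols or digits"; a positive allow-list, `if(!preg_match('/^[A-Za-z]+$/', $first_name))`, enforces what the message says. `$first_name` and `$last_name` are not assigned anywhere in this hunk; if they are undefined at this point, `preg_match` runs on null and the check never fires, so confirm they are populated from `$_POST` earlier in the file. The email address is validated twice (with the new pattern near the top and again in the second `if(!preg_match($email_exp,$email_from))` block), which is harmless but suggests the second block was meant to be removed. `$amount_exp = '/[0-9]{1,6}/'` also needs `^`/`$` anchors, or any value containing a digit, including one longer than six digits, passes.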
35 changes: 28 additions & 7 deletions xd.php
Expand Up @@ -51,11 +51,7 @@ function died($error) {
died('We are sorry, but there appears to be a problem with the form you submitted.');

}






$email_from = $_POST['email']; // required

$XXXamount = $_POST['XXXamount'];
Expand All @@ -64,7 +60,33 @@ function died($error) {

$error_message = "";

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';

//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}

if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}


$ripple_exp = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/';

Expand All @@ -74,7 +96,6 @@ function died($error) {

}

$string_exp = "/^[A-Za-z .'-]+$/";

if(is_numeric($XXXamount) == false) {

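Review bot: In the second hunk `$_SERVER['HTTP_X_FORWARDED_FOR']` is concatenated straight into `$error_message`, which carries `<br />` and so is presumably rendered as HTML; that header is set by the client, so an attacker can reflect arbitrary markup into the error page, and the value is not logged anywhere despite the "Logging your IP address now" text. The variable is also misspelled on assignment (`$httpFowarded`) while `$httpForwarded` is used, so today the output is always empty and PHP raises a notice. I would record the attempt server-side with `error_log()`, escape both addresses before they go back into the page, and anchor the amount pattern while touching these lines; the `$string_exp` branch is a pasted name check that can go, since anything it matches has no digit and fails the amount check anyway. Whether the header is worth recording at all depends on the deployment: it is only meaningful behind a proxy you control.
```php
// … unchanged: $email_exp check …
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$httpForwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
$amount_exp = '/^[0-9]{1,6}$/';
if(!preg_match($amount_exp,$XXXamount)) {
    // Record the rejected submission server-side. X-Forwarded-For is supplied by the
    // client, so it is evidence at best; strip control characters before logging it.
    error_log('Bad XXXamount from '.$remoteAddress.' (XFF: '.preg_replace('/[^\x20-\x7e]/', '', $httpForwarded).')');
    $error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
    $error_message .= 'Logging your IP address now: <br />'
        .htmlspecialchars($remoteAddress, ENT_QUOTES, 'UTF-8').' + '
        .htmlspecialchars($httpForwarded, ENT_QUOTES, 'UTF-8').' ';
}
// … unchanged: $ripple_exp and following checks …
```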
39 changes: 38 additions & 1 deletion xw.php
Expand Up @@ -54,8 +54,45 @@ function died($error) {
$FName = $_POST['FName']; // required

$error_message = "";

//Clean the name fields of any symbols, whitespace, or digits or error out
$name_exp = '/\W{1,}/';
if(preg_match($name_exp,$first_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}


if(preg_match($name_exp,$last_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';

//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}

if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}


if(!preg_match($email_exp,$email_from)) {

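Review bot: The hunk reads the form field into `$FName` (`$FName = $_POST['FName']; // required`) but the new name validation runs against `$first_name` and `$last_name`, which are not assigned in the visible code; if they are undefined, `preg_match` runs on null, the check silently passes, and `$FName` itself is never validated. Either validate `$FName` directly or assign `$first_name` from it before the check, and confirm where `$last_name` is meant to come from. `'/\W{1,}/'` also lets digits and underscores through because they are word characters, so the message "No symbols or digits" is not enforced; `if(!preg_match('/^[A-Za-z]+$/', $FName))` matches the message. The `if(!preg_match($email_exp,$email_from))` block at the bottom repeats the check already done above it; its body continues outside the hunk.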
31 changes: 28 additions & 3 deletions yd.php
Expand Up @@ -64,7 +64,34 @@ function died($error) {

$error_message = "";

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';

//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}

if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}


$ripple_exp = '/^r[rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz]{27,35}$/';

Expand All @@ -74,8 +101,6 @@ function died($error) {

}

$string_exp = "/^[A-Za-z .'-]+$/";

if(is_numeric($XXXamount) == false) {

$error_message .= 'The amount you entered does not appear to be valid.<br />';
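Review bot: The new `$email_exp` uses a character class where an alternation was intended: `[comcanetco.ukCOMCANETCO.UK]{2,3}` accepts any two or three characters drawn from that set, so `user@host.moc`, `user@host.k.u` or `user@host.ca.` pass while the comment says only .com, .ca, .net and .co.uk are allowed; write it as `$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.(?:com|ca|net|co\.uk)$/i';`. A TLD allow-list also rejects every other legitimate domain, so confirm that restriction is really intended before tightening it. The `preg_match($string_exp,$XXXamount)` branch is a pasted name check whose "Use letters" message contradicts the digit rule directly below it, and `$amount_exp = '/[0-9]{1,6}/'` is unanchored, so a value longer than six digits, or one with a single digit among other characters, passes.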
41 changes: 39 additions & 2 deletions yw.php
Expand Up @@ -55,15 +55,52 @@ function died($error) {

$error_message = "";

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/';
//Clean the name fields of any symbols, whitespace, or digits or error out
$name_exp = '/\W{1,}/';
if(preg_match($name_exp,$first_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}


if(preg_match($name_exp,$last_name)) {
$error_message .= "Name fields: Use letters. No symbols or digits or whitespace.";
}

$email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.([comcanetco.ukCOMCANETCO.UK]{2,3})$/';
$string_exp = "/^[A-Za-z .'-]+$/";
$amount_exp = '/[0-9]{1,6}/';

//If the email address is not from a .com, .ca, .net, or a .co.uk domain, then generate this error
if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

//Clean the amount data
if(preg_match($string_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use letters. No symbols or digits. Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to FName.');
}

if(!preg_match($amount_exp,$XXXamount)) {
$httpFowarded = $_SERVER['HTTP_X_FORWARDED_FOR'];
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$error_message .= 'Use digits! No symbols or letters! Value can only be 1 to 6 digits in length!';
$error_message .= 'Logging your IP address now: <br />'.$remoteAddress.' + '.$httpForwarded.' ';
//die('$remoteAddress and $httpForwarded captured due to bad data inputted to NXTamount.');
}



if(!preg_match($email_exp,$email_from)) {

$error_message .= 'The Email Address you entered does not appear to be valid.<br />';

}

$string_exp = "/^[A-Za-z .'-]+$/";

if(is_numeric($XXXamount) == false) {

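Review bot: `$httpFowarded` (missing an "r") is assigned in both blocks but `$httpForwarded` is the variable concatenated into `$error_message`, so the displayed header value is always empty and PHP raises an undefined-variable notice on every rejected submission. Nothing is logged here either: the text says "Logging your IP address now" but the addresses are only echoed back to the client, so if the intent is to record abuse, call `error_log(...)` with `$remoteAddress` and treat X-Forwarded-For as untrusted client input rather than an identity. Because `$error_message` carries `<br />` it is presumably output as HTML, so that header value must be wrapped in `htmlspecialchars()` before being echoed to avoid reflecting attacker-controlled markup. `$name_exp = '/\W{1,}/'` also passes digits and underscores, contrary to its message, and `$first_name`/`$last_name` are not assigned anywhere in this hunk.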
