...

View Full Version : Help me secure some code



semaja2
06-21-2006, 10:33 AM
Hey guys, if anyone is willing to help me out here, could someone check over my code and help me secure it.


<?

$show = $HTTP_GET_VARS['show'];
$episode = $HTTP_GET_VARS['ep'];

if ( $show == sga ) {
$show = atlantis;
}

if ( $show == sg1 ) {
$show = stargate;
}

if ( $show == bsg ) {
$show = battlestar;
}

function get_show($show,$exact="",$episode) {

if ( !$show ) { return false; }

if ( $fp = fopen("http://www.tvrage.com/quickinfo.php?show=".urlencode($show)."&ep=".urlencode($episode)."&exact=".urlencode($exact),"r") )
{
while ( !feof($fp))
{
$line = fgets($fp,1024);
list ($sec,$val) = explode('@',$line,2);
if ($sec == "Show Name" )
{
$ret[0] = $val;
}
elseif ( $sec == "Show URL" )
{
$ret[1] = $val;
}
elseif ( $sec == "Premiered" )
{
$ret[2] = $val;
}
elseif ($sec == "Country" )
{
$ret[7] = $val;
}
elseif ( $sec == "Status" )
{
$ret[8] = $val;
}
elseif ( $sec == "Classification" )
{
$ret[9] = $val;
}

elseif ( $sec == "Latest Episode" )
{
list ($ep,$title,$airdate) = explode('^',$val);
$ret[3] = $ep.", \"".$title."\" aired on ".$airdate;
}
elseif ( $sec == "Next Episode" )
{
list ($ep,$title,$airdate) = explode('^',$val);
$ret[4] = $ep.", \"".$title."\" airs on ".$airdate;
}
elseif ( $sec == "Episode Info" )
{
list ($ep,$title,$airdate) = explode('^',$val);
$ret[5] = $ep.", \"".$title."\" aired on ".$airdate;
}
elseif ( $sec == "Episode URL" )
{
$ret[6] = $val;
}
}
fclose($fp);
if ( $ret[0] )
{
return $ret;
}
}
else
{
return FALSE;
}
}


$show_info = get_show($show,"0",$ep); /*moved here*/
if ( $show_info[0] == '' ) {
echo "Show not found";
}
else {
/* $show_info = get_show("$show","0","1x2"); < this was here before */


echo "Show Name : $show_info[0]Episode Information : $show_info[5]Episode URL : $show_info[6]";

if ( $show == "stargate" ) {
echo "Use !summary for a summary of this episode";
}
elseif ( $show == "atlantis" ) {
echo "Use !summary for a summary of this episode";
}
elseif ( $show == "battlestar" ) {
echo "Use !summary for a summary of this episode";
}
elseif ( $show == "scrubs" ) {
echo "Use !summary for a summary of this episode";
}
}
?>


<?php
$show = $HTTP_GET_VARS['show'];
$ep = $HTTP_GET_VARS['ep'];
$doshow = 0;


if ( $show == sga ) {
$show = atlantis;
$dosum = 1;
}

if ( $show == sg1 ) {
$show = stargate;
$dosum = 1;
}

if ( $show == bsg ) {
$show = battlestar;
$dosum = 1;
}

if ( $show == 'stargate' || $show == 'atlantis'|| $show == 'battlestar' || $show == 'scrubs' || $show == 'lost') {
$dosum = 1;
}

function get_show($show,$exact="",$episode) {

if ( !$show ) { return false; }

if ( $fp = fopen("http://www.tvrage.com/quickinfo.php?show=".urlencode($show)."&ep=".urlencode($episode)."&exact=".urlencode($exact),"r") )
{
while ( !feof($fp))
{
$line = fgets($fp,1024);
list ($sec,$val) = explode('@',$line,2);
if ($sec == "Show Name" )
{
$ret[0] = $val;
}
elseif ( $sec == "Show URL" )
{
$ret[1] = $val;
}
elseif ( $sec == "Premiered" )
{
$ret[2] = $val;
}
elseif ($sec == "Country" )
{
$ret[7] = $val;
}
elseif ( $sec == "Status" )
{
$ret[8] = $val;
}
elseif ( $sec == "Classification" )
{
$ret[9] = $val;
}

elseif ( $sec == "Latest Episode" )
{
list ($ep,$title,$airdate) = explode('^',$val);
$ret[3] = $ep.", \"".$title."\" aired on ".$airdate;
}
elseif ( $sec == "Next Episode" )
{
list ($ep,$title,$airdate) = explode('^',$val);
$ret[4] = $ep.", \"".$title."\" airs on ".$airdate;
}
elseif ( $sec == "Episode Info" )
{
list ($ep,$title,$airdate) = explode('^',$val);
$ret[5] = $ep.", \"".$title."\" aired on ".$airdate;
}
elseif ( $sec == "Episode URL" )
{
$ret[6] = $val;
}
}
fclose($fp);
if ( $ret[0] )
{
return $ret;
}
}
else
{
return FALSE;
}
}


$show_info = get_show($show,"0",$ep);
if ( $show_info[0] == '' ) {
echo "Show not found";
}
else {
if ( $show_info[5] == '' ) {
echo "Episode information not found, did you type in the correct line, try !summary help";
}
else {

/* $show_info = get_show("$show","0","1x2"); < this was here before */

echo "Show Name : $show_info[0]Episode Information : $show_info[5]Episode URL : $show_info[6]";

echo "Summary for $show $ep : ";

if ( $dosum == 1 ) {

$db = mysql_connect("localhost", "semaja2_show", showpass);

mysql_select_db(semaja2_show,$db);


$sql = "SELECT * FROM $show WHERE ep='$ep'";

$result = mysql_query($sql);

$row = mysql_fetch_array($result) ;



echo $row['summary'];

}

else {
echo "Full Summary not avalable";
}

print "\nuse !show $show to find more information about this show";
}
}
?>

lavinpj1
06-21-2006, 12:11 PM
"Secure it"? Against what? Wild animals?

semaja2
06-21-2006, 12:49 PM
Well are there any bugs or loop holes that could allow a attacker to damage the mysql database or bring down the server, simply things like that

PS. yes and wild animals....damn racoons



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum