02-09-2013, 12:50 PM | #4
countrydj
Hi Guys...
Thank you for your help.
Quote:
Originally Posted by Fou-Lu
I wouldn't indefinitely place error reporting in a production environment. The error reporting can give clues as to what type of data can be injected and is plainly visible to anyone that triggers it.
Error reporting should be enabled E_ALL on a development machine, not a production one.

As mentioned, set it at the top. If it's < E_ALL to start with and you place it near the bottom, only executions in sequences below will be affected by the new level set.

It was suggested to me in a previous thread that it should be left in the script permanently.
However, I can see the point of using it in development and removing it in production.

Now for the reason for my thread. In a previous thread, somebody suggested that if ANY errors are reported, they should be solved:
PHP Code:
ini_set('display_errors', 1);
error_reporting(E_ALL);
If I set this code at the very top, I get all sorts of errors because nothing has been set:
PHP Code:
<?php

ini_set('display_errors', 1);
error_reporting(E_ALL);

//Start session
session_start();

//Include database connection details
require_once('config.php');

$action = $_GET['action'];
$name = $_GET['name'];
$email = $_GET['email'];
$active = $_GET['act'];
So I move the error reporting further down:
PHP Code:
    //Check for duplicate Subscribe ID
ini_set('display_errors', 1);
error_reporting(E_ALL);

    if($email != '') {
        $qry = "SELECT * FROM bf_users WHERE email='$email'";
        $result = mysqli_query($link, $qry);
        if($result) {
I only get 1 error:
Quote:
Notice: Undefined index: m in /home/ukzone/cws99.co.uk/html/mail/register-exec.php on line 91
Here is the offending code:
PHP Code:
  // create the MD5 hash
  $secret_code = 'countrymusic_secret';
  $formatted_email = preg_replace("/(-|\@|\.)/", "", $from);
  $hashed = md5("$secret_code $formatted_email");

  // wait, are we verifying the email?
  if($_GET['m'] != "") {
    // this is validation routine
    if($hashed == $_GET['m']) {
Line 91 = if($_GET['m'] != "") {

Up to now, m has not been generated.

m is generated by:
PHP Code:
$hashed = md5("$secret_code $formatted_email");
and is inserted into the generated email which is sent to the subscriber for verification:
PHP Code:
    $mail_body = "Please DO NOT reply to this email. It is an unattended mailbox.\n\nTo validate your email address, please click the following link:\n\nhttp://cws99.co.uk/mail/register-exec.php?email=$from&act=$active&action=subscribe&name=$name&m=$hashed";

    mail($from, "Validation Email", $mail_body, "From: noreply@cws99.co.uk\n");
Now back to the reason for this thread.
I just cannot see how to resolve the problem since m hasn't been generated yet.

Any advice will be gratefully appreciated.
__________________
The MAN, The MYTH, The LEGEND:
John C
________________________________
Support your local Country Music Club
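
An added example, not part of the original post or of countrydj's script: one way to read the optional m parameter without triggering the notice and to check the token, assuming PHP 7 or later. The function names, the secret and the sample requests are hypothetical, and HMAC-SHA256 with hash_equals() is substituted here for the md5() and == comparison.

```php
<?php
// Added example; function names, secret and sample requests are hypothetical.

// Report everything, but write it to the error log instead of the page.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

const SECRET = 'constructed-demo-secret'; // constructed value; load the real one from config

// Token bound to the address. HMAC-SHA256 is swapped in for md5("$secret $email").
function make_token(string $email): string
{
    return hash_hmac('sha256', strtolower(trim($email)), SECRET);
}

// Returns 'signup' when no token was sent, otherwise 'verified' or 'rejected'.
function handle_request(array $query): string
{
    // isset() guards the read, so a missing key never raises "Undefined index".
    // A non-string value (e.g. ?m[]=x arrives as an array) is treated as absent.
    $email = isset($query['email']) && is_string($query['email']) ? $query['email'] : '';
    $m     = isset($query['m']) && is_string($query['m']) ? $query['m'] : '';

    if ($m === '') {
        return 'signup'; // first visit: the validation link has not been clicked yet
    }
    // hash_equals() compares in constant time and never type-juggles like ==.
    return hash_equals(make_token($email), $m) ? 'verified' : 'rejected';
}

// Constructed requests standing in for $_GET.
$first  = ['email' => 'fan@example.org', 'action' => 'subscribe'];
$click  = $first + ['m' => make_token('fan@example.org')];
$forged = $first + ['m' => str_repeat('0', 64)];
$array  = $first + ['m' => ['x']];

foreach (['first' => $first, 'click' => $click, 'forged' => $forged, 'array' => $array] as $label => $q) {
    echo $label, ': ', handle_request($q), PHP_EOL;
}
```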