
PHP function only works once

    Since this question is about security.

    Do not use the mysql_* library. It is extremely vulnerable to SQL injection, especially in the way you are using it. And it is deprecated.

    [email protected]

    In the code

    $domain = $emailsep[1];   // will equal "gmail.com"
    

    Now suppose someone injects you with SQL injection. [email protected] is pretty boring, but now suppose it isn't.

    I am going to have a lot of fun with the following line of code:

    $domaincheck = mysql_query("SELECT * FROM xxxxxxx WHERE domain = '$domain'", $link);
    

    Please read this and this.

    And use mysqli or PDO as those doctors prescribe.

    Edit:

    Now, back to the question you had in mind

    One PHP file

    <?php
        date_default_timezone_set('America/New_York'); // required something here else exception below
        //error_reporting(E_ALL);
        //ini_set("display_errors", 1);
        //require '1error_2shutdown_3log.php';  // 1. err hndlr, 2. shutdown hndlr, 3. log it somehow
    
    
        $b='<br/n>';    // great name huh ?
        $b2='<br/n><br/n>'; // great name huh ?
        echo "The time is " . date("h:i:sa").$b;
        echo "s01".$b;
        try {
                echo "s02".$b."--------------------------------------------------------------------------".$b;
    
    
    
    
            //$email = $_POST['emailreg'];
            //$firstna = $_POST['firstna'];
            //$surna = $_POST['surna'];
            //$password = $_POST['passreg'];
            //$passconfirm = $_POST['passconfirm'];
            //$userpass = $email . $password;
            //$emailsep = explode("@", $email);
            //$domain = $emailsep[1];
    
            $email = "[email protected]";
            $firstna = "Drew";
            $surna = "Pierce";
            $password = "secure";
            $passconfirm = "secure";
            $userpass = $email . $password;
            $emailsep = explode("@", $email);
            $domain = $emailsep[1];
    
            $key = md5('united');   // don't use md5
            $salt = md5('united');  // don't use md5
    
            function encrypt($string, $key) {
                $b='<br/n>';    // great name huh ?
                $b2='<br/n><br/n>'; // great name huh ?
    
                # come up with a good key, beyond the scope of this Question
                $key = pack('H*', "bcb04b7e103a0cd8b54763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3"); #32 bytes
                $key_size =  strlen($key);
                echo "Key size: " . $key_size . $b; # 32, big surprise
    
                # create a random IV to use with CBC encoding
                # yes each time
                $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);    // using ECB cuz u were
                $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);          
    
                echo "in encrypt() passed <b>",$string,"</b> and <b>",$key.'</b>'.$b;
    
                $rawEncrypted=mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_ECB,$iv);
                # prepend the IV for it to be available for decryption
                $rawEncrypted = $iv . $rawEncrypted;
                $b64Encrypted= base64_encode($rawEncrypted); # <------- RIGHT HERE WE ARE DONE
    
                # basically we are done encrypting, could just return $b64Encrypted and be done with it
                # but no
    
                #########################################################################
                # lifted from manual page btw: http://php.net/manual/en/function.mcrypt-encrypt.php
                # do an assert that you can decrypt for a sanity check
                $ciphertext_dec = base64_decode($b64Encrypted);
    
                # retrieves the IV, iv_size should be created using mcrypt_get_iv_size()
                $iv_dec = substr($ciphertext_dec, 0, $iv_size);
    
                # retrieves the cipher text (everything except the $iv_size in the front)
                $ciphertext_dec = substr($ciphertext_dec, $iv_size);
    
                # may remove 00h valued characters from end of plain text
                $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $ciphertext_dec, MCRYPT_MODE_ECB, $iv_dec);
    
                echo  "Assert ... plaintext= ".$plaintext_dec .$b;
                // a real Assert would make it explode, but you get the idea
    
                #########################################################################
    
                echo "leaving encrypt() with ",$b64Encrypted.$b2;
                return $b64Encrypted;
            }
    
            echo "about to connect ...".$b;
            $link = mysql_connect('localhost', 'GuySmiley', 'mongoose');
            if (!$link) {
                die('Could not connect: ' . mysql_error());
            }
            mysql_select_db("so_gibberish", $link);
    
            $domaincheck = mysql_query("SELECT * FROM t1 WHERE domain = '$domain'", $link);
            if($domaincheck === FALSE) { 
                die(mysql_error());
            }
    
            //echo "encrypt returns: ".encrypt($email, $key).$b;
            $emailcheck = mysql_query("SELECT * FROM t2 WHERE studentemail = '".encrypt($email, $key)."'", $link);
            if($emailcheck === FALSE) { 
                die(mysql_error());
            }
    
            $dorow = mysql_fetch_array($domaincheck);
            $emailrow = mysql_fetch_array($emailcheck);
    
            // the below will explode, I don't have them, changed to echo
            if ($password == '') {
            $cause = 'Password Blank'; echo 'error.php'.$b;
            }elseif ($passconfirm =='') {
            $cause = 'Password Blank'; echo 'error.php'.$b;
            }elseif ($password != $passconfirm) {
            $cause = 'Password Mismatch'; echo 'error.php'.$b;
            }elseif ($dorow['domain'] != $domain) {
            $cause = 'Incorrect Domain'; echo 'error.php'.$b;
            }elseif ($emailrow['studentemail'] != '') {
            $cause = 'User Already Exists'; echo 'error.php'.$b;
            }
            //elseif ($dorow['licensecount'] > $dorow['licensemax']) { # commented out cuz I dont have this table
            //$cause = 'Insufficient Licences'; echo 'error.php'.$b;
            //}else {
            //}
    
            function hashword($string, $salt){
                $b='<br/n>';    // great name huh ?
                echo "in hashword()".$b;
                $string = crypt($string, '$1$' . $salt . '$');
                return $string;
            }
    
            echo "s10".$b;
            $userpass = hashword($userpass, $salt);
            echo "s11".$b;
            echo $userpass.$b;
    
            $hash = md5( rand(0,1000) );    // don't use md5, get a good RNG (random # generator)
    
            echo "s12".$b;
    $sql="INSERT INTO `xxxxxxx`.`xxxxxxx`
    (`hash`, `studentemail`, `studentfirstname`, `studentsurname`,
    `oscopetutcount`, `siggentutcount`, `mmetertutcount`, `lprobetutcount`,
    `psupplytutcount`, `oscopetest`, `siggentest`, `mmetertest`, `lprobetest`,
    `psupplytest`, `exam`, `userpass`, `ID`, `domain`, `licensecount`,
    `licensemax`, `licenceexpire`)
    
    VALUES ('$hash', '".encrypt($email, $key)."', '".encrypt($firstna, $key)."',
    '".encrypt($surna, $key)."', '0', '0', '0', '0', '0', '0', '0', '0', '0',
    '0', '0', '$userpass', NULL, '', '0', '', NULL)";
    
            echo $sql.$b;
            //$result = mysql_query($sql, $link);
    
            //$licenceadd = mysql_query("UPDATE xxxxxxx.xxxxxxx SET licensecount = licensecount +1 WHERE domain = '$domain'", $link);
    
            //if($result === FALSE) { 
            //    die(mysql_error()); 
            //}
    
            //if($licenceadd === FALSE) { 
            //    die(mysql_error()); 
            //}
    
            //include 'email.php'; 
    
            echo "near bottom".$b;
    
            mysql_close($link); 
    
    
        } catch (Exception $e) {
            echo 'Caught exception: ',  $e->getMessage(), $b;
        } finally {
            echo $b."--------------------------------------------------------------------------".$b."First finally".$b;
        }
    ?>
    

    The schema that was live when I ran this

    create table t1
    (   id int auto_increment primary key,
        domain varchar(100) not null,
        key(domain)
    );
    insert t1(domain) values ('gmail.com'),('yahoo.com'),('ibm.com');
    
    -- drop table t2;
    create table t2
    (   id int auto_increment primary key,
        fullName varchar(80) not null,
        studentemail varchar(1000) not null
        -- key(studentemail)
    );
    -- truncate table t2;
    insert t2(fullName,studentemail) values ('Drew Pierce','who-knows');
    

    Screen output:

    The time is 06:25:20pm
    s01
    s02
    --------------------------------------------------------------------------
    about to connect ...
    
    
    *** begin myLogger function ***
    lvl: 8192 | msg:mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead | file:C:\Apache24\htdocs\causes_parse_error.php | ln:82
    warn
    *** end myLogger function ***
    
    Key size: 32
    in encrypt() passed [email protected] and ��K~:صGc��U��)���^A~/�*�
    Assert ... plaintext= [email protected]
    leaving encrypt() with 7n7aTyDo4E4WvtDseUcSM3JMjKipFalVRWhPwu6P5vUdYjN9btNNPo1qlOxB+TKtwfCCr/2ctTCNPxrdVz5Egg==
    
    error.php
    s10
    in hashword()
    s11
    $1$3db1a73a$i5Pb3o2s6tV4uWDivvmLA1
    s12
    Key size: 32
    in encrypt() passed [email protected] and ��K~:صGc��U��)���^A~/�*�
    Assert ... plaintext= [email protected]
    leaving encrypt() with uXCKvAUVuBcoPxIbqpbfMZRD50Bu7XSwP75MapBct9UdYjN9btNNPo1qlOxB+TKtwfCCr/2ctTCNPxrdVz5Egg==
    
    Key size: 32
    in encrypt() passed Drew and ��K~:صGc��U��)���^A~/�*�
    Assert ... plaintext= Drew
    leaving encrypt() with 61B1AJtpaK7hx0bFSBNXr9Z0ZFIUkrQXCZcQ5D4pvySzLFfIEEB/2r2FvCLZMobUd3jWRIiyFSfLy4/qTXsT5w==
    
    Key size: 32
    in encrypt() passed Pierce and ��K~:صGc��U��)���^A~/�*�
    Assert ... plaintext= Pierce
    leaving encrypt() with /JFBohEe96R7sFnQxu+ujvgFv8WZl9Pdss+zv8tVptJk2xrZH8Pb3xjfGmWGH92W/h4aeWrPS8ICEIojKtYrgw==
    
    INSERT INTO `xxxxxxx`.`xxxxxxx` (`hash`, `studentemail`, `studentfirstname`, `studentsurname`, `oscopetutcount`, `siggentutcount`, `mmetertutcount`, `lprobetutcount`, `psupplytutcount`, `oscopetest`, `siggentest`, `mmetertest`, `lprobetest`, `psupplytest`, `exam`, `userpass`, `ID`, `domain`, `licensecount`, `licensemax`, `licenceexpire`) VALUES ('a96b65a721e561e1e3de768ac819ffbb', 'uXCKvAUVuBcoPxIbqpbfMZRD50Bu7XSwP75MapBct9UdYjN9btNNPo1qlOxB+TKtwfCCr/2ctTCNPxrdVz5Egg==', '61B1AJtpaK7hx0bFSBNXr9Z0ZFIUkrQXCZcQ5D4pvySzLFfIEEB/2r2FvCLZMobUd3jWRIiyFSfLy4/qTXsT5w==', '/JFBohEe96R7sFnQxu+ujvgFv8WZl9Pdss+zv8tVptJk2xrZH8Pb3xjfGmWGH92W/h4aeWrPS8ICEIojKtYrgw==', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '0', '$1$3db1a73a$i5Pb3o2s6tV4uWDivvmLA1', NULL, '', '0', '', NULL)
    near bottom
    
    --------------------------------------------------------------------------
    First finally
    

    Basically, I am happy with how the ASSERTS came out using an embedded IV (initialization vector).

    No write to the database was performed, as you can see it commented out in that area; that was not the issue of this question. Rather, it was a question about encryption/decryption.

    The recipient of the ciphertext can decrypt it, with the IV at the front, and has the key. If they don't have the key, too bad.

    Good luck! And change that library to ... like ... PDO!
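The same domain and email checks as the answer above, rewritten as an added example (not code from the original answer) with PDO prepared statements, openssl AES-256-CBC with a random IV prepended to the ciphertext, and password_hash() in place of crypt() with an md5 salt. It keeps the answer's t1/t2 schema; the DSN, the credentials, the key file and the t2.emailLookup and t2.userpass columns are assumptions.

```php
<?php
// Added example, not code from the original answer: the same checks with PDO
// prepared statements, openssl AES-256-CBC with a random IV prepended to the
// ciphertext (as the answer does), and password_hash() instead of crypt()+md5.
// t1.domain and t2(fullName, studentemail) follow the answer's schema; the DSN,
// credentials, key file and the columns t2.emailLookup / t2.userpass are assumptions.
declare(strict_types=1);
const CIPHER = 'aes-256-cbc';

function encryptField(string $plaintext, string $key): string {
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER));                 // fresh IV every call
    $raw = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($raw === false) { throw new RuntimeException('encrypt failed'); }
    return base64_encode($iv . $raw);      // IV travels with the ciphertext
}

function decryptField(string $b64, string $key): string {
    $blob  = base64_decode($b64, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($blob === false || strlen($blob) <= $ivLen) { throw new RuntimeException('malformed'); }
    $plain = openssl_decrypt(substr($blob, $ivLen), CIPHER, $key, OPENSSL_RAW_DATA, substr($blob, 0, $ivLen));
    if ($plain === false) { throw new RuntimeException('decrypt failed'); }
    return $plain;
}

$key = file_get_contents('/etc/myapp/field.key');   // assumed: 32 random bytes kept outside the web root
$lookupKey = hash_hkdf('sha256', $key, 32, 'email-lookup');   // separate key for the lookup HMAC
$pdo = new PDO('mysql:host=localhost;dbname=so_gibberish;charset=utf8mb4', 'DB_USER', 'DB_PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

$email    = 'student@gmail.com';     // constructed input; in production this comes from $_POST
$password = 'secure';
$domain   = substr((string) strrchr($email, '@'), 1);

// Unsafe form from the question: "SELECT * FROM t1 WHERE domain = '$domain'"
// Safe form: the value is bound as a parameter, never spliced into the SQL text.
$st = $pdo->prepare('SELECT 1 FROM t1 WHERE domain = ?');
$st->execute([$domain]);
if ($st->fetchColumn() === false) { exit('Incorrect Domain'); }

// A random IV makes encryptField($email) differ on every call (compare the two
// ciphertexts for the same address in the answer's output), so an equality match
// on the ciphertext can never find an existing user. Look up by a keyed hash instead.
$lookup = hash_hmac('sha256', strtolower(trim($email)), $lookupKey);
$st = $pdo->prepare('SELECT 1 FROM t2 WHERE emailLookup = ?');
$st->execute([$lookup]);
if ($st->fetchColumn() !== false) { exit('User Already Exists'); }

$st = $pdo->prepare('INSERT INTO t2 (fullName, studentemail, emailLookup, userpass) VALUES (?, ?, ?, ?)');
$st->execute(['Drew Pierce', encryptField($email, $key), $lookup, password_hash($password, PASSWORD_DEFAULT)]);
```

decryptField() is the receiver's side of the same format: it splits the IV off the front of the decoded blob, exactly as the answer's sanity-check block does, and rejects anything too short to contain one.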



