
Deletion script

0 votes
/ 16 June 2019

I created a script for deleting characters in my game. It works, but it looks like anyone with a random account (not owning the character) can delete them. It checks the password correctly, the PIN code, etc., it just doesn't check that charname matches the playerID used in the script.

I hope someone here can help me.

This is the script

I already tried to add a charname check, but it is in a different table and I can't figure out how to do it.

This is the main delete index page

<?php
  include "config.php";
  // Escape the message before echoing it back into the page
  echo htmlspecialchars($_GET['error'] ?? '');
?>

<form action="delete_char.php" method="post">
  Please enter the required information to delete your character<br><br>
  <table>
    <tr><td>Character Name: </td><td><input name="char_name" type="text" maxlength="10" size="13"/></td></tr>
    <tr><td>Account: </td><td><input name="use" type="text" maxlength="13" size="13"/></td></tr>
    <tr><td>Password: </td><td><input name="acc_pass" type="password" maxlength="10" size="13"/></td></tr>
    <tr><td>PIN: </td><td><input name="pin" type="text" maxlength="6" size="13"/></td></tr>
    <tr><td colspan="2"><input type="submit" value="Ok"/></td></tr>
  </table>
</form>

This is the script.

<?php
  include "config.php";
  $char_name = $_POST['char_name'];
  $use = $_POST['use'];
  $acc_pass = $_POST['acc_pass'];
  $pin = $_POST['pin'];

  $con = mysql_connect($host, $user, $pass);
  mysql_select_db($db);

  $query = mysql_query("SELECT SSN, Password, LogOn FROM Player WHERE PlayerID='$use'");

  $row = mysql_fetch_array($query);
  $count = mysql_num_rows($query);

  $q = mysql_query("SELECT PASSWORD('$acc_pass') AS Password");
  $p = mysql_fetch_array($q);

  if($count == "0") {
    $error = "Account not found!<hr size=2><br>";
    header("Location: delete.php?error=$error");
  }
  else {
    if($p['Password'] != $row['Password']) {
      $error = "Invalid password!<hr size=2><br>";
      header("Location: delete.php?error=$error");
    }

    if($row['LogOn'] == "GAME") {
      $error = "Account is logged on!<hr size=2><br>";
      header("Location: delete.php?error=$error");
    }

    if($pin != $row['SSN']) {
      $error = "Invalid PIN Number!<hr size=2><br>";
      header("Location: delete.php?error=$error");
    }

    else {
      $q = mysql_query("SELECT CurrentWorldID FROM Player WHERE Name = '$use'");
      $world_id = mysql_fetch_array($q);
      $world_id = $world_id['CurrentWorldID'];

      $del_query = mysql_query("DELETE FROM Slayer WHERE Name = '$char_name'");
      $del_query = mysql_query("INSERT INTO DeleteChar (PlayerID, WorldID, Name, delDate) VALUES ('$use',$world_id,'$char_name',now())");
      $del_query = mysql_query("DELETE FROM Vampire WHERE Name = '$char_name'");
      $del_query = mysql_query("DELETE FROM Ousters WHERE Name = '$char_name'");
      $del_query = mysql_query("DELETE FROM SkillSave WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireSkillSave WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersSkillSave WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM RankBonusData WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM FlagSet WHERE OwnerID='$char_name'");
      $del_query = mysql_query("DELETE FROM ARObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM BeltObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM BladeObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM BloodBibleObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM BombMaterialObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM BombObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM BraceletObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CastleSymbolObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CoatObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CrossObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM ETCObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EventETCObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EventGiftBoxObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EventStarObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EventTreeObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM GloveObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM HelmObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM HolyWaterObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM KeyObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM LearningItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MaceObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MagazineObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MineObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MoneyObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MotorcycleObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM NecklaceObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM PotionObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM QuestItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM RelicObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM RelicObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SMGObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SRObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SerumObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM ShieldObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM ShoesObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SkullObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SlayerPortalItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SwordObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM TrouserObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM RingObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CoupleRingObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireAmuletObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireBraceletObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireCoatObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireETCObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireEarringObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireNecklaceObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampirePortalItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireRingObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireWeaponObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM VampireCoupleRingObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM WaterObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EventItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM DyePotionObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM ResurrectItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MixingItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersArmsbandObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersBootsObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersChakramObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersCircletObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersCoatObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersPendentObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersRingObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersStoneObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersWristletObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM LarvaObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM PupaObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM ComposMeiObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM OustersSummonItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CodeSheetObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MoonCardObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SweeperObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM PetItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM PetFoodObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM PetEnchantItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM LuckyBagObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SMSItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CoreZapObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM GQuestItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM GQuestSave WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM TrapItemObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CarryingReceiverObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM ShoulderArmorObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM DermisObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM PersonaObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM FasciaObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MittenObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM SubInventoryObject WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM CoupleInfo WHERE FemalePartnerName = '$char_name'");
      $del_query = mysql_query("DELETE FROM CoupleInfo WHERE MalePartnerName = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectAcidTouch WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectAftermath WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectBloodDrain WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectDetectHidden WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectFlare WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectLight WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectParalysis WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectPoison WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectPoisonousHands WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectProtectionFromParalysis WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectProtectionFromPoison WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectRestore WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectYellowPoisonToCreature WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EffectMute WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EnemyErase WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM TimeLimitItems WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM EventQuestAdvance WHERE OwnerID = '$char_name'");
      $del_query = mysql_query("DELETE FROM MofusPowerPoint WHERE OwnerID = '$char_name'");

      $OK = "Character $char_name has been deleted.<hr size=2><br>";
      header("Location: delete.php?error=$OK");
    }
  }
  mysql_close($con);

Okay, the script works fine.

I expect the script to check that char_name is verified against the PlayerID, so that only the owner can delete it.

1 Answer

3 votes
/ 16 June 2019

header does not terminate the script immediately, even when redirecting. You need exit or something else to prevent the following code from running. In the current code, the ifs checking the password and the LogOn value set the redirect header but do not stop the MySQL code from executing. This can be solved with elseif instead, so you get if..elseif..elseif..else(delete stuff), which should be fine.

There are a couple of things I'd like to touch on that you should reconsider, however.

  1. You are putting values directly into your query. If I submit my character name as Niet' OR 1=1; --, then I've just pwn'd your whole database. It is long past time to update your code to PDO and use prepared statements.

  2. It looks like you are using an insecure password storage method. You should use password_hash() and password_verify() to protect and verify passwords.

  3. You are running a lot of delete queries by hand. This suggests your database is not set up correctly. Use FOREIGN KEY constraints so that each of these tables enforces a proper relation to the OwnerID they belong to. That way, when a Slayer record is deleted (or updated), all items belonging to that record are deleted (or updated) too. It means you can add more later without having to remember to come back to this code and add it here as well.

  4. You are using an arbitrary string value (the name) as the key for your tables. Instead you should have something like INT UNSIGNED AUTO_INCREMENT as the primary key - in particular, this would let you rename your Slayer without having to update everything that points to that name.

Hope this helps!
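The following is an added example, written for this page and not the asker's or the answerer's code, showing how the points above (exit after the redirect, PDO prepared statements, password_verify(), an ownership check, and one DELETE relying on FOREIGN KEY ... ON DELETE CASCADE) fit together in a rewritten delete_char.php. It assumes config.php defines $host, $db, $user and $pass, that Player.Password has been migrated to password_hash() values, that Slayer has a PlayerID column, and that the item and effect tables already cascade on delete; all of those are assumptions, not facts from the original post.

```php
<?php
// Added example, not the asker's or answerer's code. Assumes config.php defines
// $host, $db, $user, $pass; Player.Password holds password_hash() values; Slayer has
// a PlayerID column; item/effect tables use FOREIGN KEY (OwnerID) ... ON DELETE CASCADE.
include "config.php";
function redirect(string $msg): void {
    // header() alone does not stop the script, so exit before any query below can run.
    header("Location: delete.php?error=" . urlencode($msg));
    exit;
}
$char_name = $_POST['char_name'] ?? '';
$use       = $_POST['use'] ?? '';
$acc_pass  = $_POST['acc_pass'] ?? '';
$pin       = $_POST['pin'] ?? '';

$pdo = new PDO("mysql:host=$host;dbname=$db;charset=utf8mb4", $user, $pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Prepared statement: the account name is a bound parameter, never interpolated.
$st = $pdo->prepare("SELECT Password, SSN, LogOn, CurrentWorldID FROM Player WHERE PlayerID = ?");
$st->execute([$use]);
$row = $st->fetch(PDO::FETCH_ASSOC);
// One generic message so the form does not confirm which accounts exist.
if ($row === false || !password_verify($acc_pass, $row['Password'])) {
    redirect("Invalid account or password!");
}
if ($row['LogOn'] === "GAME") {
    redirect("Account is logged on!");
}
if (!hash_equals((string) $row['SSN'], $pin)) {
    redirect("Invalid PIN Number!");
}

// The ownership check the original script lacks: the character must belong to this account.
$own = $pdo->prepare("SELECT 1 FROM Slayer WHERE Name = ? AND PlayerID = ?");
$own->execute([$char_name, $use]);
if ($own->fetchColumn() === false) {
    redirect("That character does not belong to this account!");
}

// One transaction; ON DELETE CASCADE removes the per-item and per-effect rows.
$pdo->beginTransaction();
$pdo->prepare("INSERT INTO DeleteChar (PlayerID, WorldID, Name, delDate) VALUES (?, ?, ?, NOW())")
    ->execute([$use, $row['CurrentWorldID'], $char_name]);
$pdo->prepare("DELETE FROM Slayer WHERE Name = ?")->execute([$char_name]);
$pdo->commit();
redirect("Character $char_name has been deleted.");
```

Because every branch ends in redirect(), which calls exit, no DELETE can run after a failed check, and the long list of per-table deletes is replaced by the cascade the answer recommends.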
