Monday, 26 October 2015

Handle exception in PHP

Looking for a little help. I have a basic PHP index page set up on WAMP.

Accessible by navigating to localhost/test/ in a browser.

However, when navigating to the URL, if I append a "'" it returns the version of Apache being used and the port used for communication, which may be dangerous in the wrong hands.

Can you tell me if there is a quick way to handle any unresolved URLs in PHP to return a message of, say, "Incorrect URL entered"?

I'm very new to this, so any help would be greatly appreciated.

The code is:

<?php include "config.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://ift.tt/mOIMeg">
<html xmlns="http://ift.tt/lH0Osb">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>Insecure User Management System (Secure Programming Mark Cummins)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
 ?>

<h1>Member Area</h1>
 <p>Thanks for logging in! You are <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p>
 <ul>
    <li><a href="logout.php">Logout.</a></li>
</ul>

<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
    $username = $_POST['username'];
    $password = md5($_POST['password']);

    $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    if(mysql_num_rows($checklogin))
    {
        $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];

        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['LoggedIn'] = 1;

        echo "<h1>Success</h1>";
        echo "<p>We are now redirecting you to the member area.</p>";
        echo "<meta http-equiv='refresh' content='2;index.php' />";
    }
    else
    {
        echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
?>

   <h1>Member Login</h1>

   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>

<form method="post" action="index.php" name="loginform" id="loginform">
<fieldset>
    <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
    <label for="password">Password:</label><input type="md5(password)" name="password" id="password" /><br />
    <input type="submit" name="login" id="login" value="Login" />
</fieldset>
</form>

   <?php
}
?>
</div>
</body>
</html>

I have tried googling, but being unfamiliar with the terminology is making this near impossible.

Thank you, Wayne
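
For the disclosure described in the question, an added example (not part of the original post and not the poster's configuration): assuming the version and port appear in the footer of Apache's default error page, these standard httpd directives remove that footer and return a fixed message for URLs that do not resolve.

```apache
# httpd.conf -- added example; the choice of status codes to override is an assumption.

# Remove the "Apache/x.y.z ... Server at <host> Port <n>" footer that Apache
# appends to pages it generates itself (error documents, directory listings).
# Allowed in server config, virtual host, <Directory> and .htaccess.
ServerSignature Off

# Reduce the "Server:" response header to "Apache", with no version, OS or
# module list. Server config only; it is not accepted in .htaccess.
ServerTokens Prod

# Replace the default error bodies for requests that do not resolve.
# A quoted string is sent as the response body; a local path such as
# /test/error.php (hypothetical file) can be used instead to render a page.
ErrorDocument 404 "Incorrect URL entered"
ErrorDocument 403 "Incorrect URL entered"
```

After restarting Apache, request the same URL again and confirm that neither the response body nor the `Server:` header carries a version string.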



