Check on submit

Hi, my website is a commercial website. My problem is with the quantity post: when a user adds a listing and when a user buys a listing, I want to not allow negative quantities in the post (-1, -3) or something like 0.111111, for example. It needs to be only 1 or higher; if lower, show an error.

This is the array for the quantity:

[code]
<?php
$quantityList = array("infinite");
for($i=1;$i<100;$i++){
	$quantityList[] = (string)$i;
}
?>
[/code]

This is the check when a listing is added by the vendor, so maybe here it also needs to check that the inserted quantity is 1 or higher and positive, not allowing -1 or -3:

[code]
if(isset($_REQUEST["quantity"]) && !in_array($_REQUEST["quantity"], $quantityList)){
	$quantity_error = "has-error";
	$quantity_error_text = "warning";
	$anyErrors = true;
}
[/code]
Here is the big problem: members usually can choose from 1 to 99, but someone can modify the post parameters and change 1 to -1, and the server makes him buy the item for free.

[code]
<div class="form-group <?=$quantity_error;?>">
	<label for="quantity">Choose quantity</label>
	<select class="form-control" id="quantity" name="quantity">
		<?php
		foreach($quantityList as $opt){
			echo (isset($_REQUEST["quantity"]) && strtolower($_REQUEST["quantity"])==strtolower($opt))
				? "<option value=\"$opt\" selected=\"selected\">".ucfirst($opt)."</option>"
				: "<option value=\"$opt\">".ucfirst($opt)."</option>";
		}
		?>
	</select>
	<span class="help-block"><?=$quantity_error_text;?></span>
</div>
</div>

<?php if($item["quantity"] == "infinite" || $item["quantity"] == "inf" || $item["quantity"]>0){ ?>
	<div class="">
		<label for="quantity">Qnt in Stock:</label>
		<select class="form-control input-sm" name="quantity">
			<?php
			if($item["quantity"] == "inf"){
				for($i = 1; $i<100; $i++)
					echo "<option value='$i'>$i</option>";
			}else{
				for($i = 1; $i<$item["quantity"]+1; $i++)
					echo "<option value='$i'>$i</option>";
			}
			?>
		</select>
	</div>
<?php } ?>
[/code]
This is another check, but I don't really know:

[code]
<?php
if(isset($_REQUEST["quantity"]) && is_numeric($_REQUEST["quantity"])){
	$_SESSION["order"]["quantity"] = $_REQUEST["quantity"];
	$_SESSION["order"]["start_time"] = time();
}
elseif(!isset($_SESSION["order"]["quantity"]) || !is_numeric($_SESSION["order"]["quantity"]))
	$pageError = Error404();
?>
[/code]

[php]
<?php
if(isset($_REQUEST["quantity"]) && $_REQUEST["quantity"] > 0 ){
	$_SESSION["order"]["quantity"] = $_REQUEST["quantity"];
	$_SESSION["order"]["start_time"] = time();
}
elseif(!isset($_SESSION["order"]["quantity"]) || !is_numeric($_SESSION["order"]["quantity"]))
	$pageError = Error404();
?>
[/php]

Thank you so much, I hope this will solve my problem; I'm not really good at programming.
This was reported to me by one "hacker". Another issue is with the delivery options: he told me he can modify the post parameter of the variable from 1 to -1 and get free shipping. How is this possible? Please, can you have a look at this too?

[code]
if(isset($_REQUEST["ups"]))
	$_SESSION["order"]["ups"] = $_REQUEST["ups"];

elseif(!isset($_SESSION["order"]["ups"]) || $_SESSION["order"]["ups"] == "")
	$pageError = Error404();
[/code]
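As an added example (not the poster's code), this is a strict server-side quantity check for both places in the thread above: when the vendor saves a listing and when the buyer clicks Buy. The stock value, unit price and the sample submissions standing in for $_REQUEST["quantity"] are constructed for the demo.

```php
<?php
// Added example (not the original poster's code): strict server-side quantity
// validation. The <select> only limits what the browser offers; the server
// must re-check the submitted value because a POST body can be edited freely.

// Vendor side: a listing's stock is either the literal "infinite" or a whole
// number from 1 to 99 (the range the original $quantityList covers).
// Returns "infinite", an int, or null when the value is rejected.
function parseListingQuantity($raw) {
    if (!is_string($raw)) {
        return null;           // arrays or missing values are never accepted
    }
    if ($raw === "infinite") {
        return "infinite";
    }
    // One or two ASCII digits, no leading zero: rejects "-1", "0.111111",
    // "1e2", " 5", "01" and anything PHP's loose == would treat as numeric.
    if (!preg_match('/^[1-9][0-9]{0,1}$/', $raw)) {
        return null;
    }
    return (int)$raw;
}

// Buyer side: the order quantity must be a whole number >= 1 and must not
// exceed the stock of the listing being bought (capped at 99 as in the form).
function parseOrderQuantity($raw, $stock) {
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,1}$/', $raw)) {
        return null;
    }
    $qty   = (int)$raw;
    $limit = ($stock === "infinite") ? 99 : min(99, (int)$stock);
    return ($qty <= $limit) ? $qty : null;
}

// The total is computed only from a validated quantity, so a tampered
// value can never drive the price to zero or below.
function orderTotal($raw, $stock, $unitPrice) {
    $qty = parseOrderQuantity($raw, $stock);
    if ($qty === null) {
        return null;           // caller shows an error / Error404() instead of continuing
    }
    return $qty * $unitPrice;
}

// Constructed sample submissions standing in for $_REQUEST["quantity"],
// checked against a constructed listing with 20 in stock at 9.99 each.
foreach (["5", "-1", "0.111111", "1e2", "01", "150", "infinite"] as $sent) {
    $result = orderTotal($sent, 20, 9.99);
    echo $sent, " => ", ($result === null ? "rejected" : "total " . $result), "\n";
}
```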

What is the spec for the shipping? Is it a range that needs to be looked for?

Was this built for you? I am just wondering why you are not utilizing an ecommerce system, instead of a custom solution?

Yes, it's a range; usually the buyer needs to select 1 option from 4. The hacker told me he can modify the session parameters, I don't know how he does it, but he told me this was the issue, nothing more. Yes, the e-commerce is customized, I prefer that.

What is the range then? 1 - 4? a - d?

Where is the original developer for your site?

I lost contact with the developer.
The shipping options are customized.
If you need more code, please tell me.

I need the range that you need checked before anything can be added in. Currently, you are arbitrarily assigning whatever values are passed in. I am willing to bet you have several security holes in your system based on what you have shown so far.

These are the related pieces of code that I found:


[code]
<?php
////
if(!$anyErrors){
	$shipping = array();
	$shipping_error = "has-error";
	$shipping_error_text = "warning";
	$anyErrors = true;
	for($i = 1; $i < 5; $i++){
		$shipping[$i] = array();
		$shipping[$i]["description"] = $_REQUEST["shipping_desc$i"];
		$shipping[$i]["days"]        = $_REQUEST["shipping_days$i"];
		$shipping[$i]["cost"]        = $_REQUEST["shipping_cost$i"];
		$shipping[$i]["currency"]    = $_REQUEST["shipping_curr$i"];
		$count = 0;
		foreach($shipping[$i] as $s){
			if(strlen($s)>0){
				$count++;
			}
		}
		if($count == 4){
			$shipping_error = "";
			$shipping_error_text = "";
			$anyErrors = false;
		} else {
			unset($shipping[$i]);
		}
	}
}

////
$_REQUEST = $listing;
$shipping_types = json_decode($listing["shipping_type"]);
$hasValues = false;
if(is_object($shipping_types) || is_array($shipping_types)){
	foreach($shipping_types as $k=>$v){
		if($v->description != ""){
			$hasValues = true;
		}
	}
}
if($hasValues){
	foreach($shipping_types as $k=>$v){
		$_REQUEST["shipping_desc$k"] = $v->description;
		$_REQUEST["shipping_days$k"] = $v->days;
		$_REQUEST["shipping_cost$k"] = $v->cost;
		$_REQUEST["shipping_curr$k"] = $v->currency;
	}
} else {
	$shipping_types = json_decode($session_user["default_ups"]);
	if(is_object($shipping_types) || is_array($shipping_types)){
		foreach($shipping_types as $k=>$v){
			$_REQUEST["shipping_desc$k"] = !isset($_REQUEST["shipping_desc$k"])?$v->description:$_REQUEST["shipping_desc$k"];
			$_REQUEST["shipping_days$k"] = !isset($_REQUEST["shipping_days$k"])?$v->days:$_REQUEST["shipping_days$k"];
			$_REQUEST["shipping_cost$k"] = !isset($_REQUEST["shipping_cost$k"])?$v->cost:$_REQUEST["shipping_cost$k"];
			$_REQUEST["shipping_curr$k"] = !isset($_REQUEST["shipping_curr$k"])?$v->currency:$_REQUEST["shipping_curr$k"];
		}
	}
}
?>
[/code]
				
				
[code]
<?php ShippingOption(1, $session_user["currency"], $shipping_error); ?>
<?php ShippingOption(2, $session_user["currency"], $shipping_error); ?>
<?php ShippingOption(3, $session_user["currency"], $shipping_error); ?>
<?php ShippingOption(4, $session_user["currency"], $shipping_error, $shipping_error_text); ?>

<?php function ShippingOption($i, $currency = "USD", $shipping_type_error = "", $shipping_type_error_text = ""){
	global $currencyList;
?>
	<div class="form-group <?=$shipping_type_error;?>">
		<input name="shipping_desc<?=$i;?>" class="form-control" type="text" placeholder="<?=$i;?>: write desc" value="<?=isset($_REQUEST["shipping_desc$i"])?$_REQUEST["shipping_desc$i"]:"";?>"/>
		<span class="help-block"><?=$shipping_type_error_text;?></span>
	</div>

	<div class="form-group <?=$shipping_type_error;?>">
		<input name="shipping_days<?=$i;?>" class="form-control" type="number" min="1" max="30" placeholder="Days" value="<?=isset($_REQUEST["shipping_days$i"])?$_REQUEST["shipping_days$i"]:"";?>"/>
	</div>

	<div class="form-group <?=$shipping_type_error;?>">
		<input name="shipping_cost<?=$i;?>" class="form-control" type="number" step="any" min="0" placeholder="Cost" value="<?=isset($_REQUEST["shipping_cost$i"])?$_REQUEST["shipping_cost$i"]:"";?>"/>
	</div>

	<div class="form-group <?=$shipping_type_error;?>">
		<select name="shipping_curr<?=$i;?>" class="form-control">
		<?php
		if(isset($_REQUEST["shipping_curr$i"]) && $_REQUEST["shipping_curr$i"]!=""){
			foreach ($currencyList as $opt){ ?>
			<option value="<?=$opt;?>" <?=$_REQUEST["shipping_curr$i"]==$opt?"selected=\"selected\"":"";?>><?=$opt;?></option>
		<?php }
		} else {
			foreach ($currencyList as $opt){ ?>
			<option value="<?=$opt;?>" <?=$currency==$opt?"selected=\"selected\"":"";?>><?=$opt;?></option>
		<?php } } ?>
		</select>
	</div>
<?php } ?>
[/code]

I believe a check is needed when the user clicks on Buy.
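Added example, not code from the thread: the posted ups value is accepted only if it names one of the listing's own completely filled-in shipping options, and the shipping cost is then read from the stored option rather than from the request. The JSON below is a constructed stand-in for $listing["shipping_type"], decoded as associative arrays rather than the objects the original code uses.

```php
<?php
// Added example, not the thread's own code. Validates the buyer's shipping
// choice ("ups") against the options stored with the listing instead of
// copying whatever was posted straight into the session.

// Constructed stand-in for $listing["shipping_type"], the JSON the vendor
// form saves: keys 1..4, each with description/days/cost/currency.
$listingShippingJson = json_encode([
    "1" => ["description" => "Standard", "days" => 5,  "cost" => 4.50,  "currency" => "USD"],
    "2" => ["description" => "Express",  "days" => 2,  "cost" => 12.00, "currency" => "USD"],
    "3" => ["description" => "",         "days" => "", "cost" => "",    "currency" => ""],
    "4" => ["description" => "Pickup",   "days" => 1,  "cost" => 0,     "currency" => "USD"],
]);

// Returns the selectable option keys: only options the vendor filled in
// completely (same rule as the $count == 4 check in the listing form).
function availableShippingKeys($shippingJson) {
    $opts = json_decode($shippingJson, true);
    $keys = [];
    if (!is_array($opts)) {
        return $keys;
    }
    foreach ($opts as $k => $v) {
        $filled   = is_array($v) ? array_filter($v, function ($f) { return strlen((string)$f) > 0; }) : [];
        $complete = count($filled) === 4;
        if ($complete && preg_match('/^[1-4]$/', (string)$k)) {
            $keys[] = (int)$k;
        }
    }
    return $keys;
}

// Resolves the posted choice to the stored option, or null when it is not one
// of the listing's own options (e.g. "-1", "0", "5", "1.0", or an array).
function selectShippingOption($rawChoice, $shippingJson) {
    if (!is_string($rawChoice) || !preg_match('/^[1-4]$/', $rawChoice)) {
        return null;
    }
    if (!in_array((int)$rawChoice, availableShippingKeys($shippingJson), true)) {
        return null;
    }
    $opts = json_decode($shippingJson, true);
    return $opts[$rawChoice];  // cost comes from storage, never from the client
}

// Constructed sample values standing in for $_REQUEST["ups"].
foreach (["1", "4", "3", "-1", "0", "1.0", "5"] as $sent) {
    $opt = selectShippingOption($sent, $listingShippingJson);
    echo $sent, " => ", ($opt === null ? "rejected" : $opt["description"] . " costs " . $opt["cost"]), "\n";
}
```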
