Hello all. I am very new to PHP and have been given the following script to try and work out what is wrong with it. If anyone could give me some help it would be greatly apprecaited. Thanks.
<?php
/ (hopefully) a very badly written bit of PHP code some sql to go with it:
CREATE TABLE bad_script_users (id integer not null autoincrement,
username varchar(30),
passwd varchar(30),
email varchar(30),
admin varchar(20),PRIMARY KEY (id));
/
include "/lib/database.php";
error_reporting(0);
$A_TITLE='Bad scritping homesite';
function add_user()
{
global $newuser, $newpass, $email, $is_admin;
$SQL="INSERT INTO bad_script_users (username, passwd, email, admin) VALUES ($newuser, $newpass, $email, $is_admin)";
mysql_query($SQL);
}
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<link rel="stylesheet" href="3business.css">
<?php<title>$A_TITLE</title>?>
</head>
<?php if ($submit=='Add user')
{
add_user();
}
$SQL='SELECT * FROM bad_script_users WHERE username="$username"';
while($data=mysql_fetch_row(mysql_query($SQL)))
{
if ($data[2]=$passwd)
{
$enter='OK';
}
else
{
$enter='NO';
}
}
if ($enter!='NO')
{
header("Location: invalid_login.php");
}?>
<a href="http://www.slashdot.org">Slashdot</a>
<a href="http://dude:l33t@scriptkiddies.net/top_secret/warez.html">tools</a>
<a href="stuff/pictures.html">pics</a>
Welcome <?php echo $username; ?> to the Bad Scripting homepage<br>
<?php if ($data[4]!='NO')
{
print "Add a user"<br>";
print "<form method='POST' action='$PHP_SELF'><br>";
print "Username: <input type='text' name=$newuser><br>";
print "Password: <input type='text' name=$newpass><br>";
print "Email: <input type='text' name=$email><br>";
print "Administrator: <input type='text' name=$is_admin><br>";
print "<input type="SUBMIT" name="adduser" value="Add user"><br>";
}?>
