Security not working

the php code at line 50 - 118:

php:

<?php require_once("webassist/security_assist/wa_cryptencryption.php"); ?>

<?php require_once('Connections/beeritual.php'); ?>

<?php require_once("webassist/form_validations/wavt_scripts_php.php"); ?>

<?php require_once("webassist/form_validations/wavt_validatedform_php.php"); ?>

<?php require_once( "webassist/security_assist/helper_php.php" ); ?>

<?php require_once("webassist/database_management/wa_appbuilder_php.php"); ?>

<?php 

if (isset($_POST["Registration_submit"]))  {

  $WAFV_Redirect = "".(htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES))  ."?invalid=true";

  $_SESSION['WAVT_registration_Errors'] = "";

  if ($WAFV_Redirect == "")  {

    $WAFV_Redirect = $_SERVER["PHP_SELF"];

  }

  $WAFV_Errors = "";

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Email"])?$_POST["Registration_group_Email"]:"") . "",true,1);

  $WAFV_Errors .= WAValidateUnique(("beeritual"),$beeritual,$database_beeritual,"pcms2_users","UserID","none,none,NULL","".((isset($_SESSION["SecurityAssist_UserID"]))?$_SESSION["SecurityAssist_UserID"]:"0")  ."","UserEmail","',none,''","".((isset($_POST["Registration_group_Email"]))?$_POST["Registration_group_Email"]:"")  ."",true,2);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Password"])?$_POST["Registration_group_Password"]:"") . "",true,3);

  $WAFV_Errors .= WAValidateEL((isset($_POST["Registration_group_Password"])?$_POST["Registration_group_Password"]:"") . "",6,500,true,4);

  $WAFV_Errors .= WAValidateLE((isset($_POST["Registration_group_Confirm"])?$_POST["Registration_group_Confirm"]:"") . "",(isset($_POST["Registration_group_Confirm"])?$_POST["Registration_group_Confirm"]:"") . "",true,5);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_First_Name"])?$_POST["Registration_group_First_Name"]:"") . "",true,6);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Last_Name"])?$_POST["Registration_group_Last_Name"]:"") . "",true,7);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_Address"])?$_POST["Registration_group_Address"]:"") . "",true,8);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_City"])?$_POST["Registration_group_City"]:"") . "",true,9);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_State"])?$_POST["Registration_group_State"]:"") . "",true,10);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_10_Zip"])?$_POST["Registration_group_10_Zip"]:"") . "",true,11);

  $WAFV_Errors .= WAValidateRQ((isset($_POST["Registration_group_1_Phone"])?$_POST["Registration_group_1_Phone"]:"") . "",true,12);

  $WAFV_Errors .= WAValidateLE((strtolower(isset($_POST["Security_Code"])?$_POST["Security_Code"]:"")) . "",((isset($_SESSION["captcha_Security_Code"]))?strtolower($_SESSION["captcha_Security_Code"]):"") . "",true,13);

  $WAFV_Errors .= WAValidateLE((strtolower(isset($_POST["Security_Answer"])?$_POST["Security_Answer"]:"")) . "",((isset($_SESSION["random_answer"]))?strtolower($_SESSION["random_answer"]):"") . "",true,14);

  $WAFV_Errors .= WAValidateRX((isset($_POST["Hidden_Field"])?$_POST["Hidden_Field"]:"") . "","/.* /",false,15);



  if ($WAFV_Errors != "")  {

    PostResult($WAFV_Redirect,$WAFV_Errors,"registration");

  }

}

?>

<?php 

// WA DataAssist Insert

if ((isset($_POST["Registration_submit"]) && $_POST["Registration_submit"] != "")) // Trigger

{

  $WA_connection = $beeritual;

  $WA_table = "pcms2_users";

  $WA_sessionName = "SecurityAssist_UserID";

  $WA_redirectURL = "login.php?success=1";

  if (function_exists("rel2abs")) $WA_redirectURL = $WA_redirectURL?rel2abs($WA_redirectURL,dirname(__FILE__)):"";

  $WA_keepQueryString = true;

  $WA_fieldNamesStr = "UserEmail|UserPassword|UserFirstName|UserLastName|UserAddress|UserAddress2|UserCity|UserState|UserZip|UserCountry|UserPhone|UserFax";

  $WA_fieldValuesStr = "".((isset($_POST["Registration_group_Email"]))?$_POST["Registration_group_Email"]:"")  ."" . $WA_AB_Split . "".((($_POST["Registration_group_Password"] != ""))?WA_CryptEncryption($_POST["Registration_group_Password"]):$row_SecurityAssistpcms2users["UserPassword"])  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_First_Name"]))?$_POST["Registration_group_First_Name"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_Last_Name"]))?$_POST["Registration_group_Last_Name"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_Address"]))?$_POST["Registration_group_Address"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_Address_2"]))?$_POST["Registration_group_Address_2"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_City"]))?$_POST["Registration_group_City"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_State"]))?$_POST["Registration_group_State"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_10_Zip"]))?$_POST["Registration_group_10_Zip"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_11_Country"]))?$_POST["Registration_group_11_Country"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_1_Phone"]))?$_POST["Registration_group_1_Phone"]:"")  ."" . $WA_AB_Split . "".((isset($_POST["Registration_group_1_Fax"]))?$_POST["Registration_group_1_Fax"]:"")  ."";

  $WA_columnTypesStr = "',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''";

  $WA_fieldNames = explode("|", $WA_fieldNamesStr);

  $WA_fieldValues = explode($WA_AB_Split, $WA_fieldValuesStr);

  $WA_columns = explode("|", $WA_columnTypesStr);

  $WA_connectionDB = $database_beeritual;

  mysql_select_db($WA_connectionDB, $WA_connection);

  @session_start();

  $insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);

  $WA_Sql = "INSERT INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";

  $MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());

  $_SESSION[$WA_sessionName] = mysql_insert_id($WA_connection);

  if ($WA_redirectURL != "")  {

    $WA_redirectURL = str_replace("[Insert_ID]",$_SESSION[$WA_sessionName],$WA_redirectURL);

    if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {

      $WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];

    }

    header("Location: ".$WA_redirectURL);

  }

}

?>

<?php 

require_once("webassist/security_assist/wa_cryptencryption.php"); ?>

should be at line 1 of the page, this php code needs to come before the HTML code on your page.

In fact this page is very badly formatted altogether.

there is a doctype, <head> and <body section started at lines 1 - 49 and a second doctype, <head> and <body> section started at lines 118 - 135. this is not valid HTML. having the 2 doctype tags in place is probably why the Security assist code was placed incorrectly

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

8/01/2012 11:19 amJason ByrnesWebAssist

Build websites with a little help from your friends

Build websites from already-built web applications

Want your website pre-built and hosted?

Everything else!

U.S. 858.201.4911 | International +1.858.201.4911

We've earned your trust.

Connect with us.

Post a question as