Chat room not working

[ChatRoom]

I followed this tutorial https://css-tricks.com/jquery-php-chat/
After reading it i downloaded the source code and put it up on http://myprojectwork.eu5.org/
The chat room is not working as described.It does not show any message.
Why is this happening?

[chrisburton]

@chatroom There’s a significant security flaw within the code.

[ChatRoom]

Hey chris thanks for the quick reply. I was first trying to get it working and then consider security. I have run into a problem that i can’t upload pictures, the pics get uploaded when i am using xampp. When i put the code on http://freewebhostingarea.com for testing nothing happens after uploading the pics. I am posting some code
`

if (isset($_FILES['image']['name']))
  {
    $saveto = "$user.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'], $saveto);
    $typeok = TRUE;
  switch($_FILES['image']['type'])
{
  case "image/gif":   $src = imagecreatefromgif($saveto); break;
  case "image/jpeg":  // Both regular and progressive jpegs
  case "image/pjpeg": $src = imagecreatefromjpeg($saveto); break;
  case "image/png":   $src = imagecreatefrompng($saveto); break;
  default:            $typeok = FALSE; break;
}

`

[chrisburton]

If you considered security, why are you using this? Anyway, are you getting an error?

[ChatRoom]

I am getting no error. The file is just not uploaded. I have changed all permissions to 777 that does not help either.

[chrisburton]

Are you sure the errors are not logged?

[__]

Let’s take a quick look at this:

$saveto = "$user.jpg";

Is the $user variable defined anywhere? If not, your “saveto” filename is just .jpg. Also, why are you labelling the file as a jpeg when you also accept gif and ong formats (and don’t yet know which was uploaded)?

move_uploaded_file($_FILES['image']['tmp_name'], $saveto);

You’re saving the uploaded file before you do any validation. Basically, nothing matters after this point, because you have already accepted the file.

$typeok = TRUE;

What’s the point of this?

switch($_FILES['image']['type'])

Remember, the “mime type is however not checked on the PHP side and therefore don’t take its value for granted.”

$src = imagecreatefromgif($saveto);  // and fromjpg, frompng

Are you using $src for some purpose later on? as mentioned above, if this is supposed to be a security check, it’s too late.

default:            $typeok = FALSE;

What’s the point of this?

I am getting no error. The file is just not uploaded.

→ Are you sure you’re not getting an error? you’ve made sure that error reporting is enabled? you’ve checked your error logs and made sure there were no error messages output to your page source?

→ You’re sure the file is not uploaded? how did you check? Keep in mind that, if your $saveto begins with a dot, the filesystem will consider it “hidden” and not display it by default.

tl;dr: This should not be on your server. It is an open door for someone to take over.

I am also not sure if this is the same problem you originally posted about. (It would seem not.) If you’re interested in uploading files, you should do some research, start over, and then ask any specific questions.

If you’re still asking about the chat server, “there are security problems” is not an idle comment. It means, “DO NOT USE THIS.” If you want to make your own, my advice is to start without ajax (so it works via normal form submissions), and then add ajax to it once you get things figured out.

[chrisburton]

I would also add that generally when you’re aware of vulnerable code, especially when someone tells you it’s a security risk, your users won’t be too happy if their data could potentially be exposed (password, private messages).

[ChatRoom]

Its working now. I have created two accounts there. Harish and Nitish. There was a third one named test.One of you guys created that i suppose.Thanks for being so helpful.
@__ $user is set to username. for ex. harish.jpg etc. Also $typeok is set to true but then i check in switch statements if the file is in permitted formats if not i set $typeok to false. I don’t understand why is it too late. Where should i put it then?

@chrisburton How are the passwords, private messages exposed.I don’t understand that.Could you please explain how could someone access password etc. Thanx for being patient.

[chrisburton]

Look at the CSS-Tricks link you posted and then click on the updated version and read.

Also, this shouldn’t happen when users don’t exist.

[__]

$typeok is set to true but then i check in switch statements if the file is in permitted formats if not i set $typeok to false.

This is not actually what is happening. Depending on what the user claims the file type is (not the same as what the file type really is), you either set a variable named $src or change $typeok to false. Neither action seems to have any purpose (unless you make some use of them later).

I don’t understand why is it too late. Where should i put it then?

It is “too late” because you have already saved the uploaded file. (So, really, why bother checking at all?) If you do check the file type (which, as described above, you are not effectively doing now), you would need to do so before saving the uploaded file.

[ChatRoom]

How did you do it!?
traq does not exist.How can i fix it?

EDIT: Ok, i got it you changed the link to view=traq;

Any way to avoid it?

[chrisburton]

I can also add people to my friends page that don’t exist. Point: check if people exist, don’t allow people to add things to the page.

It appears you are filtering XSS attacks for your form so that’s good. Although your URL parameters would make me nervous.

[ChatRoom]

$saveto = "$user.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'],"/home/vhosts/myprojectwork.eu5.org/uploads/".$saveto);
    $typeok = TRUE;

    switch($_FILES['image']['type'])
    {
      case "image/gif":   $src = imagecreatefromgif($saveto); break;
      case "image/jpeg":  // Both regular and progressive jpegs
      case "image/pjpeg": $src = imagecreatefromjpeg($saveto); break;
      case "image/png":   $src = imagecreatefrompng($saveto); break;
      default:            $typeok = FALSE; break;
    }

    if ($typeok)
    {
      list($w, $h) = getimagesize($saveto);

      $max = 100;
      $tw  = $w;
      $th  = $h;

      if ($w > $h && $max < $w)
      {
        $th = $max / $w * $h;
        $tw = $max;
      }
      elseif ($h > $w && $max < $h)
      {
        $tw = $max / $h * $w;
        $th = $max;
      }
      elseif ($max < $w)
      {
        $tw = $th = $max;
      }

      $tmp = imagecreatetruecolor($tw, $th);
      imagecopyresampled($tmp, $src, 0, 0, 0, 0, $tw, $th, $w, $h);
      imageconvolution($tmp, array(array(-1, -1, -1),
        array(-1, 16, -1), array(-1, -1, -1)), 8, 0);
      imagejpeg($tmp, $saveto);
      imagedestroy($tmp);
      imagedestroy($src);
    }
    else
    {
    imagedestory($saveto);
    }

Now i am deleting that file from my database if it is not what it is supposed to be. Is the file still a problem.

[ChatRoom]

@chrisburton the url parameters have started making me nervous too :)
Is there any site or link where i can read more about it and find my way around it? Thanks.

Hey chris i was just curious but is css-tricks your site.

[Author]

Posts