Bewerbungs Formular versendet keine Mail?


Shorty1968

Erfahrenes Mitglied
#1
Hallo,
ich habe für mein wBB 2 (WoltLab Burning Board) ein Bewerbungs Formular Hack,bei dem wird aber leider keine Mail versendet und ich kann den Fehler nicht finden.
Code:
<?php

require './global.php';
require './acp/lib/config.inc.php';
require './acp/lib/class_parse.php';
require './acp/lib/options.inc.php';

if (isset($_REQUEST['page'])) {
    $page = intval($_REQUEST['page']);
} else {
    $page = 0;
}

function get_next_page() {
    global $db, $n;
    $sql = "SELECT page FROM bb" . $n . "_bewerbungsformular_fields GROUP BY page ORDER BY page ASC, ID ASC;";

    $result = $db->query($sql);
    $pagecount = 0;
    while ($row = $db->fetch_array($result)) {
        if ($pagecount + 1 == $row['page']) {
            $pagecount++;
        } else {
            break;
        }
    }
    return $pagecount + 1;
}

$lang->load("BEWERBFRM");
$bewerbungsformular_options_db = $db->query_first("SELECT * FROM bb" . $n . "_bewerbungsformular_options;");
$count = 0;

// save data tmp
if ($page > 1) {
    $hiddenfields = '';
    if (isset($_POST['sendfield']) && count($_POST['sendfield']) > 0) {
        foreach ($_POST['sendfield'] as $key => $value) {
            $hiddenfields .= "<input type='hidden' name='sendfield[{$key}]' value='{$value}' />\n";
        }
    }
}

// check if Bewerbungsformular is online
if ($bewerbungsformular_options_db['isonline'] == 1) {
    if ($page == 0) {
        // Startseite
        $tupelclass1 = getone($count++, "tablea", "tableb");
        $tupelclass2 = getone($count++, "tablea", "tableb");
        $fieldname = $bewerbungsformular_options_db['startpage_left'];
        $fieldcontent = $bewerbungsformular_options_db['startpage_right'];
        eval("\$bewerbungsformular_field_bit .= \"" . $tpl->get('bewerbungsformular_field_bit') . "\";");
    } elseif ($page == get_next_page()) {
        // last page

        // 1) check all params set in post
        $sql_query = "SELECT COUNT(ID) AS Anzahl FROM bb" . $n . "_bewerbungsformular_fields WHERE required='1';";
        $count_fields = $db->query_first($sql_query);
        // 2) send all data via mail
        $mailtext = "Hallo, \n\nes gibt eine neue Bewerbung!\n\n\nFolgende Angaben wurden gemacht:\n";
        $subject = "Neue Bewerbung im Forum!";
        foreach ($_POST['sendfield'] as $key => $value) {
            $mailtext .= $key . ": " . htmlspecialchars($value, ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "\n";
        }

        //mail versenden
        $mime_boundary = "-----=" . md5(uniqid(mt_rand(), 1));

        $mail_header = "From:" . $adminmail . "<" . $adminmail . ">\n";
        $mail_header .= "Reply-To: " . $adminmail . "\n";

        $mail_header .= "MIME-Version: 1.0\r\n";
        $mail_header .= "Content-Type: multipart/mixed;\r\n";
        $mail_header .= " boundary=\"" . $mime_boundary . "\"\r\n";

        $mail_content = "This is a multi-part message in MIME format.\r\n\r\n";
        $mail_content .= "--" . $mime_boundary . "\r\n";
        $mail_content .= "Content-Type: text/html charset=\"iso-8859-1\"\r\n";
        $mail_content .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
        $mail_content .= $mailtext . "\r\n";

        // todo: die konfig muss irgendwo herkommen
        include './bewerbungsformular_config.php';
        if (mail($mail_to_me, $subject, $mail_content, $mail_header)) {
            $success = $lang->items["LANG_BEWERBFRM_INDEX_3"];
            eval("\$tpl->output(\"" . $tpl->get("bewerbungsformular_success") . "\");");
            die();
        } else {
            $error = $lang->items["LANG_BEWERBFRM_INDEX_2"];
            eval("\$tpl->output(\"" . $tpl->get("bewerbungsformular_error") . "\");");
            die();
        }
    } else {
        // Im Formular
        $sql_query = "SELECT * FROM bb" . $n . "_bewerbungsformular_fields WHERE page='" . $page . "'ORDER BY ID ASC;";
        $result = $db->query($sql_query);
        while ($row = $db->fetch_array($result)) {
            $id = intval($row['ID']);
            $tupelclass1 = getone($count++, "tablea", "tableb");
            $tupelclass2 = getone($count++, "tablea", "tableb");
            $fieldname = htmlspecialchars($row['fieldname'], ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1');

            if ($row['required'] == 1) {
                $required = "required";
            } else {
                $required = "";
            }

            switch (intval($row['fieldtype'])) {
                case 1:
                    // Dropdown
                    $dropdown_options = explode("\n", $row['fieldcontent']);
                    $fieldcontent = "<select name='sendfield[{$id}]' {$required}>\n";
                    foreach ($dropdown_options as $dropdown_option) {
                        $fieldcontent .= "<option>" . htmlspecialchars(str_replace("\n", '', $dropdown_option), ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "</option>\n";
                    }
                    $fieldcontent .= "</select>\n";
                    break;

                case 2:
                    // Number
                    $fieldcontent = "<input type='number' value='" . intval($row['fieldcontent']) . "' name='sendfield[{$id}]' {$required}>\n";
                    break;

                case 3:
                    // Text
                    $fieldcontent = "<input type='text' value='" . htmlspecialchars($row['fieldcontent'], ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "' name='sendfield[{$id}]' {$required}>\n";
                    break;

                case 4:
                    // Textarea
                    $fieldcontent = "<textarea name='sendfield[{$id}]' {$required}>" . htmlspecialchars($row['fieldcontent'], ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "</textarea>\n";
                    break;

                case 5:
                    // Checkboxen
                    $checkbox_options = explode("\n", $row['fieldcontent']);
                    $fieldcontent = "<fieldset>\n";
                    foreach ($checkbox_options as $checkbox_option) {
                        $fieldcontent .= "<input name='sendfield[{$id}][]' type='checkbox' " . htmlspecialchars(str_replace("\n", '', $checkbox_option), ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . " value='" . htmlspecialchars(str_replace("\n", '', $checkbox_option), ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "'> " . htmlspecialchars(str_replace("\n", '', $checkbox_option), ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "<br />\n";
                    }
                    $fieldcontent .= "</fieldset>\n";
                    break;

                case 6:
                    // E-Mail
                    $fieldcontent = "<input type='email' value='" . htmlspecialchars($row['fieldcontent'], ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1') . "' name='sendfield[{$id}]' {$required}>\n";
                    break;
            }
            eval("\$bewerbungsformular_field_bit .= \"" . $tpl->get('bewerbungsformular_field_bit') . "\";");
        }
    }
    $nextpage = $page + 1;
    eval("\$tpl->output(\"" . $tpl->get("bewerbungsformular") . "\");");
} else {
    // Fehlerdialog
    eval("\$tpl->output(\"" . $tpl->get("bewerbungsformular_isoffline") . "\");");
}
?>
Worann könnte es liegen das die Mail nicht versendet wird?

Es gibt noch eine Config.php dazu mit Folgendem Inhalt.
Code:
<?php
$mail_to_me = "meine@mail.com";
?>
 

ComFreek

Mod | @comfreek
Moderator
#2
In der Tat, der Code hat mindestens 4 schwerwiegende Sicherheitslücken und sieht auch sonst sehr aufräumbedürftig aus! An deiner Stelle würde ich mich nach einem anderen Skript umschauen und das vorliegende schnellstmöglich entfernen.

Zum Beispiel erlaubt folgende Zeile wegen dem ENT_NOQUOTES beliebige XSS-Angriffe!
PHP:
htmlspecialchars($row['fieldcontent'], ENT_NOQUOTES | ENT_HTML401, 'ISO-8859-1')
Die Nutzung von eval hier ist aber insbesondere evil! (eval is evil)
Bitte ersetze all deine evals, etwa:
PHP:
eval("\$tpl->output(\"" . $tpl->get("bewerbungsformular_success") . "\");")
// ersetzen durch
$tpl->output($tpl->get("bewerbungsformular_success"));
Zum Problem: tauchen denn Fehlermeldungen auf? Ansonsten mal alle anschalten (aber nicht auf dem url=https://www.tutorials.de/threads/perso-check-script-erweitern.407432/post-2109144]Production Server[/url]):
PHP:
error_reporting(E_ALL);
ini_set('display_errors', true);
 

Shorty1968

Erfahrenes Mitglied
#3
Danke habe die eval alle ersetzt und das error_reprting eingebunden,das ergebniss.
Code:
Notice:  Undefined index: HTTP_CLIENT_IP in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 74
Notice:  Undefined index: HTTP_X_FORWARDED_FOR in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 77
Notice:  Undefined index: HTTP_X_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 82
Notice:  Undefined index: HTTP_FORWARDED_FOR in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 84
Notice:  Undefined index: HTTP_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 86
Notice:  Undefined index: HTTP_X_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 88
Notice:  Undefined index: HTTP_CLIENT_IP in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 74
Notice:  Undefined index: HTTP_X_FORWARDED_FOR in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 77
Notice:  Undefined index: HTTP_X_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 82
Notice:  Undefined index: HTTP_FORWARDED_FOR in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 84
Notice:  Undefined index: HTTP_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 86
Notice:  Undefined index: HTTP_X_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 88
Notice:  Undefined index: HTTP_CLIENT_IP in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 74
Notice:  Undefined index: HTTP_X_FORWARDED_FOR in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 77
Notice:  Undefined index: HTTP_X_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 82
Notice:  Undefined index: HTTP_FORWARDED_FOR in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 84
Notice:  Undefined index: HTTP_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 86
Notice:  Undefined index: HTTP_X_FORWARDED in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 88
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 4982
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 4982
Notice:  Undefined variable: _get in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 5070
Notice:  Undefined variable: _request in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 5071
Notice:  Undefined variable: get in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 5072
Notice:  Undefined variable: request in /var/www/vhosts/example.com/httpdocs/acp/lib/ct_funktion.inc.php on line 5073
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/ct_blocker.php on line 34
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/ct_blocker.php on line 73
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/ct_blocker.php on line 89
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/ct_blocker.php on line 89
Notice:  Undefined variable: filename in /var/www/vhosts/example.com/httpdocs/ct_blocker.php on line 89
 
Zuletzt bearbeitet von einem Moderator:

ComFreek

Mod | @comfreek
Moderator
#4
Ich habe deinen Domainnamen im Log durch example.com ersetzt. Sonst könnte jeder, der gerade hier mitliest, gnadenlos alle Sicherheitslücken ausnutzen. Ich muss aber jetzt los, ggf. kommentier ich später zu den Notice Ausgaben oder jemand anderes ist schneller ;)
 

Shorty1968

Erfahrenes Mitglied
#5
Ok vielen dank.

Die ersten Zeilen die er anmekert sehen so aus.
Code:
function getip() {
   if (validip($_SERVER["HTTP_CLIENT_IP"])) {
       return $_SERVER["HTTP_CLIENT_IP"];
   }
   foreach (explode(",",$_SERVER["HTTP_X_FORWARDED_FOR"]) as $ip) {
       if (validip(trim($ip))) {
           return $ip;
       }
   }
   if (validip($_SERVER["HTTP_X_FORWARDED"])) {
       return $_SERVER["HTTP_X_FORWARDED"];
   } elseif (validip($_SERVER["HTTP_FORWARDED_FOR"])) {
       return $_SERVER["HTTP_FORWARDED_FOR"];
   } elseif (validip($_SERVER["HTTP_FORWARDED"])) {
       return $_SERVER["HTTP_FORWARDED"];
   } elseif (validip($_SERVER["HTTP_X_FORWARDED"])) {
       return $_SERVER["HTTP_X_FORWARDED"];
   } else {
       return $_SERVER["REMOTE_ADDR"];
   }
 

EuroCent

Erfahrenes Mitglied
#9
Mach mal folgendes:
lass dir per print_r() dir die Server-Variable ausgeben und prüfe ob da diese Werte wie oben überhaupt enthalten ist.

PHP:
<?php
prinf('<pre>%s</pre>', print_r($_SERVER, true));
?>
Du kannst auch folgendes versuchen:
PHP:
<?php
function getip() {
    if(isset($_SERVER)) {
        //Hier der Code
    } else {
        return false;
    }
}

/* ODER */
function getip() {
    if(isset($_SERVER['HTTP_FORWARDING'])) { // Uns so weiter
        //Hier der Code
    } else {
        return false;
    }
}
?>
Prüfe am besten falls die mitkommen ob sie Leer sind, also quasi ungleich Leer (null) sind. :)