I have made a simple login script which sort of works but seems to have a security problem.
I have set up a user in the database with an md5 encrypted password. When I log in using the wrong username it does as it should and displays a page that says "Wrong username or password" with a link back to try your login again. This works as it should; however, if I enter the correct username that is in the MySQL database but use the wrong password, it lets me into the site even though it's the wrong password. What am I doing wrong?
Here is my code.
login.php
<form name="form1" method="post" action="auth.php">
<label>User Name
<input type="text" name="admin" tabindex="1" size="21">
</label>
<label>Password
<input type="password" name="password" tabindex="2" size="21" mask="x">
</label>
<p>
<input type="submit" name="submit" value="Login" tabindex="3">
</p>
</form>
auth.php
<?php
include_once '/Connections/Test.php';
session_start();
if (isset($_POST['submit']))
{
$admin=$_POST['admin'];
$password=$_POST['password'];
$admin=strip_tags($admin);
$password=strip_tags($password);
$password=md5($password);
$query = "select name,password from administrators where name='$admin' and '$password'";
$result = mysql_query($query) or die ("Could not query administrators");
$result2 = mysql_fetch_array($result);
if ($result2)
{
$_SESSION['admin']=$admin;
echo "<big>Logged in successfully<br>";
echo "<a href='RecordsAdmin.php'>Continue</a></big>";
}
else
{
echo "Wrong user name or password.";
echo "<big><a href='login.php'>Try Again</a></big>";
}
}
?>
Test.php (database connection php script)
<?php
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"
$hostname_Test = "localhost";
$database_Test = "sbm";
$username_Test = "root";
$password_Test = "xxxxx";
$Test = mysql_pconnect($hostname_Test, $username_Test, $password_Test) or trigger_error(mysql_error(),E_USER_ERROR);
if(!$Test) die("Could not connect to MySQL");
if(!mysql_select_db($database_Test,$Test))
die("That database does not exist");
?>
The following code is used to add new user and password to the database.
register.php
<?php include '/Connections/Test.php';?>
<form id="register" name="form1" method="post" action="reguser.php">
<label>Type Username Here:
<input name="admin" type="text" size="25">
</label>
<p>
<label>Type Password Here:
<input name="password" type="text" value="" size="25" mask="x">
</label>
<p>
<label>ReType Password Again:
<input name="pass2" type="text" size="25" mask="x">
</label>
<p>
<input type="submit" name="Submit" value="Submit">
</form>
reguser.php
<?php include '/Connections/Test.php';?>
<?php
$admin=$_POST['admin'];
$password=$_POST['password'];
$pass2=$_POST['pass2'];
$admin=strip_tags($admin);
if ($password==$pass2)
{
$isadmin="SELECT * from administrators where name='$admin'";
$isadmin2=mysql_query($isadmin) or die("Couldn't query administrators table");
$isadmin3=mysql_fetch_array($isadmin2);
if(!$_POST['password'] || !$_POST['pass2'])
{
print "You did not enter a password";
echo " <A href='register.php'>Go back</a><br>";
exit;
}
else if($isadmin3 || strlen($admin)>21 || strlen($admin)<1)
{
print "There is already a administrator with that name or the name you specified is over 16 characters or less than 1 character";
echo "<A href='register.php'>Go back</a><br>";
exit;
}
else
{
$password=md5($password);
$SQL="INSERT into administrators(name, password) VALUES ('$admin','$password')";
mysql_query($SQL) or die("could not register");
print "Thank you for registering!";
}
}
else
{
print "Your password did not match or you did not enter a password";
echo "<A href='register.php'>Go back</a><br>";
exit;
}
echo " <A href='login.php'>Login Page</a><br>";
?>
Login Script Not Secure Why ? [RESOLVED]
Last edited by VR-Fox on Tue Jul 06, 2010 2:45 pm, edited 1 time in total.
Re: Login Script Not Secure Why ?
because you are missing something here... look at how you are checking the name versus the way you are checking the password...
VR-Fox wrote:
$query = "select name,password from administrators where name='$admin' and '$password'";
Re: Login Script Not Secure Why ?
Ahhh yes, I see it now. Forgot the password= part.
Thanks
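The condition `and '$password'` discussed in this thread never compares anything against the password column. As an added example (not code from the thread), here is one way to write the same login check so that the row is selected by name with a bound parameter and the password is verified against the stored hash in PHP. The PDO/SQLite in-memory database, the function names `register_admin` and `check_login`, and the sample account are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database is used
// (assumption) so the script runs offline; for MySQL only the PDO DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE administrators (name TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Registration: store a salted password_hash() value instead of md5().
function register_admin(PDO $db, string $name, string $password): void
{
    $stmt = $db->prepare('INSERT INTO administrators (name, password) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login: fetch the stored hash by name (bound parameter), then compare the
// submitted password against that hash. A missing row and a failed comparison
// both return false, so a correct username alone is never enough.
function check_login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM administrators WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();          // false when the name is unknown
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample account and login attempts.
register_admin($db, 'fox', 'correct-horse-battery');
$attempts = [
    ['fox',    'correct-horse-battery'],   // right name, right password
    ['fox',    'not-the-password'],        // right name, wrong password
    ['nobody', 'correct-horse-battery'],   // unknown name
];
foreach ($attempts as [$name, $password]) {
    $ok = check_login($db, $name, $password);
    printf("%-7s %-22s => %s\n", $name, $password, $ok ? 'logged in' : 'rejected');
}
```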