I am trying to make a pretty secure login for a gallery. I just want to know if someone could help me out with a way I could secure it more. At the moment I have
<?php
function m_user($usr, $pwd) {
    $session_time;   // never assigned anywhere, so an empty value ends up in the INSERT below
    dbi();           // opens the database connection
    $sql = "SELECT * FROM users WHERE username = '$usr' AND password = '$pwd'";
    $result = mysql_query($sql);
    if (mysql_num_rows($result) == 1) {
        // the same query is run a second time just to read the row back
        $sql1 = "SELECT * FROM users WHERE username = '$usr' AND password = '$pwd'";
        $result1 = mysql_query($sql1);
        $row = mysql_fetch_array($result1);
        $userid = $row['uid'];
        $_SESSION['userid'] = $userid;   // was "==", a comparison that stored nothing in the session
        $sql2 = "INSERT INTO active_users (sid, uid, username, usertime) VALUES (NULL,'$userid','$usr','$session_time')";
        $result2 = mysql_query($sql2);
    }
}
?>
Setting a session called userid to use the user id wherever I want information from the user, and setting a row in active_users to check if the user is still active; if not, that row will be removed, and if the user is within the 20 min session time, that row will be updated.
How secure is this script, and is there anything else I can add to make security even better?
Copy the exact text he used: ' or 1=1; ' (include the quotes).
Unless you have magic_quotes enabled without knowing it, the extra quote mark in the text he gave you would basically screw your SQL query up totally, making it look like this:
SELECT * FROM users WHERE username = '?' AND password = ' ' or 1=1; ''
In other words, you'd always be able to log in (because 1 is always equal to 1).
' or 1=1; ' in the password field does not work, I don't know why. LOL, or really I am happy it doesn't work. I entered no username and ' or 1=1; ', and even a username and ' or 1=1; ', and it still doesn't work; even ' or 1=1; ' and ' or 1=1; ' does not work, sorry.
Yeah, you've got magic quotes enabled then (and didn't even know it... heh).
Basically all of his original comments still apply though: there isn't a single piece of data validation going on. You don't check the length of the values, whether they are strings or numbers, whether they contain HTML or SQL code, heck, whether they even exist or not. They just get dumped directly into a SQL query. See where we're coming from now?
Yeah I am. What I will do is check the length of the input and then check if it is set and so on. Thanks for the help; I'll paste the new code again and see what you guys think about it. Thanks
//simple regex validation to allow only numbers and letters
//does depend on whatever password validation scheme you are using
//(the original used eregi() with a broken pattern; eregi() is gone in PHP 7, preg_match() does the same job)
if (!preg_match('/^[A-Za-z0-9]+$/', $pwd)) {
    echo "Alphabetical and numbers only";
}
...
//redundant code: only need to do one query
$sql = "SELECT * FROM users WHERE username = '$usr' AND password = '$pwd'";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1) {
    $row = mysql_fetch_array($result);
    $userid = $row['uid'];
    $_SESSION['userid'] = $userid;
    $sql2 = "INSERT INTO active_users (sid, uid, username, usertime) VALUES (NULL,'$userid','$usr','$session_time')";
    $result2 = mysql_query($sql2);
    header("Location: index.php?f=tg");
} else {
    // failed login handling goes here
}
Last edited by lostboy on Fri May 21, 2004 12:49 pm, edited 1 time in total.
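A hardened version of the login function the thread keeps returning to, added here as an example and not code from any poster: it replaces the mysql_* string-built queries with PDO prepared statements and a stored password hash, which is what actually removes the ' or 1=1; ' problem rather than relying on magic quotes. The table layout, the PDO/SQLite connection and the sample user are assumptions.

```php
<?php
// Added example, not code posted in this thread. Assumes the pdo_sqlite extension,
// a users table (uid, username, password_hash) whose hashes come from password_hash(),
// and the active_users table from the original post. User input is bound as
// parameters, so a quote in the username or password cannot change the query.
function m_user_secure(PDO $db, string $usr, string $pwd): ?int {
    // Structural checks first: empty or oversized values never reach the database.
    if ($usr === '' || $pwd === '' || strlen($usr) > 64 || strlen($pwd) > 1024) {
        return null;
    }
    // Placeholder instead of string interpolation: query text and values travel separately.
    $stmt = $db->prepare('SELECT uid, password_hash FROM users WHERE username = ?');
    $stmt->execute([$usr]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare against a stored hash, never a plaintext password column.
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return null;
    }
    // Fresh session id on login, so an id handed to the browser beforehand is not kept.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['userid'] = (int) $row['uid'];
    $ins = $db->prepare('INSERT INTO active_users (sid, uid, username, usertime) VALUES (NULL, ?, ?, ?)');
    $ins->execute([(int) $row['uid'], $usr, time()]);
    return (int) $row['uid'];
}

// Constructed demo data in an in-memory SQLite database so this runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$db->exec('CREATE TABLE active_users (sid INTEGER PRIMARY KEY, uid INTEGER, username TEXT, usertime INTEGER)');
$seed = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$seed->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(m_user_secure($db, 'alice', 'correct horse'));  // valid credentials: returns the uid
var_dump(m_user_secure($db, 'alice', "' or 1=1; '"));    // the thread's payload is now just a wrong password
var_dump(m_user_secure($db, "' or 1=1; '", 'x'));        // no such username; the query's structure is untouched
```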