FIND MY SECURITY HOLE... I GIVE YOU A NICKEL
HELLO ALL.
PROFESSIONALS... I NEED YOUR HELP.
I HAVE RECENTLY GOT A JOB AT A DECENT PLACE THAT HIRED ME TO ADMIN THEIR NETWORK...AND... CODING A DYNAMIC WEBSITE WITH PHP AND MYSQL. WELL... IM A NEWBIE...IVE ONLY BEEN LOOKING AT MYSQL AND PHP FOR A WEEK. ANYHOW.. IVE BEEN CODING SOME STUFF FOR OUR WEBSITE. RIGHT NOW .. IM ONLY AT THE USER AUTHENTICATION PART. GIVEN THAT IM AN EXTREME NEWBIE... I DONT KNOW SECURITY...AT ALL ACTUALLY.
SO... FOR YOU PROFESSIONALS OUT THERE... I KNOW YOU ALL KNOW WHAT THINGS TO LOOK FOR WHEN IT COMES TO DEVELOPING DYNAMIC PAGES FOR WEBSITES THAT NEED TO BE PRETTY SECURE. PLEASE LOOK AT MY CODE AND TELL ME IF THIS IS WORTHY OF BEING PUT UP AS A CORPORATE WEBSITE (CODE WISE... I'VE YET TO START CONSIDERING HARDWARE SECURITY AND ALL THAT.) PLEASE HELP...ALL THIS CODE IVE PUT TOGETHER IS FROM TEXT BOOKS AND ONLINE HELP...I HAVE GOT ONLY ABOUT 2 SEMESTERS OF PROGRAMMING COURSEWORK UNDER MY BELT...SO IM REALLY WARY OF PUTTING ANYTHING UP THAT HASNT BEEN CRITIQUED BY A SEASONED PROFESSIONAL.
ANY INPUT WOULD BE REALLY HELPFUL.
THANK YOU ALL SO MUCH.
HERE IT GOES.
GATEWAY.PHP is the page that receives user input
AUTHENTICATION.PHP is the php page that verifies user input with the database.
//GATEWAY.PHP
<html>
<body
<br /><br />
<p> my company name</p>
<form action = "AUTHENTICATION.PHP" method=post>
<input type="text" name="username">
USERNAME
<br>
<input type="text" name="password">
PASSWORD<br>
<input type="image" src="login.gif">
</form>
</body>
</html>
//AUTHENTICATION.PHP
<?
echo "MYCOMPANY INC. User Authentication routine.<br /><br />";
//RETRIEVING VARS FROM GATEWAY.PHP VIA POST
$username =$_POST['username'];
$password = $_POST['password'];
//CONNECTING TO DATABASE
$link = mysql_connect ('localhost', 'spinsykel', 'spinsykel');
if ($link)
{
echo "error: could not connect to database <br /><br />";
exit;
}
//RETRIEVING DATA FROM DATABASE
mysql_select_db('users');
$sql = "SELECT lastname FROM users WHERE password = '$password' AND firstname = '$username'";
$result = mysql_query($sql) or die (mysql_error());
//IF FINDS NO MATCHING PASSWORD AND USERNAME
if (mysql_num_rows($result) == 0)
{
echo "INVALID USERNAME AND/OR PASSWORD.
PLEASE CLICK BACK ON YOUR BROWSER AND
ENTER A VALID USERNAME AND PASSWORD.
THANK YOU.";
}
//IF FINDS NO MATCHING PASSWORD AND USERNAME
if (mysql_num_rows($result) ==1)
{
$row = mysql_fetch_array($result);
list(,$lastname) + each ($row);
echo 'RECORD FOUND! <br /><br />';
$username = ucfirst ($username);
$lastname = ucfirst ($lastname);
echo "$lastname, $username;
$found =1;
}
//IF FINDS MORE THAN ONE MATCHING PASSWORD AND USERNAME (BIG TROUBLE!)
if (mysql_num_rows($result) > 1)
{
echo "WE ARE HAVING TECHNICAL DIFFICULTIES AND
ARE UNABLE TO RETRIEVE YOUR USER INFORMATION AT
THIS TIME. PLEASE COME BACK AT A LATER TIME.
THANK YOU - INFORMATION SYSTEMS DEPRTMENT";
}
?>
forgive me for being such a newbie
i was under the impression that <? ?> were php tags... i didnt know that there are additional tags i could use to help my code be readable
i did put the "//" comments though..
i would love to use the php tags you are talking about though if it would help my code be more readable...
would you care to show me the php tags you are talking about?
if you do... id add it and repost my code.
sincerely,
ron.
BBcode tags this forum offers
before your code, add a [ php ] w/o the spaces before/after the bracket, add a [ /php ] (again w/o spaces)
echo "HI";
compared to
Code: Select all
<?php
echo "HI";
?>
makes it so much easier to read. Your code seems secure, do you use any cookies and/or sessions?
Code: Select all
<?
//GATEWAY.PHP
<html>
<body
<br /><br />
<p> my company name</p>
<form action = "AUTHENTICATION.PHP" method=post>
<input type="text" name="username">
USERNAME
<br>
<input type="password" name="password">
PASSWORD<br>
<input type="image" src="login.gif">
</form>
</body>
</html>
?>
//AUTHENTICATION.PHP
<?
echo "MYCOMPANY INC. User Authentication routine.<br /><br />";
//RETRIEVING VARS FROM GATEWAY.PHP VIA POST
$username =$_POST['username'];
$password = $_POST['password'];
//CONNECTING TO DATABASE
$link = mysql_connect ('localhost', 'spinsykel', 'spinsykel');
if (!$link)
{
echo "error: could not connect to database <br /><br />";
exit;
}
//RETRIEVING DATA FROM DATABASE
mysql_select_db('users');
$sql = "SELECT lastname FROM users WHERE password = '$password' AND firstname = '$username'";
$result = mysql_query($sql) or die (mysql_error());
//IF FINDS NO MATCHING PASSWORD AND USERNAME
if (mysql_num_rows($result) == 0)
{
echo "INVALID USERNAME AND/OR PASSWORD.
PLEASE CLICK BACK ON YOUR BROWSER AND
ENTER A VALID USERNAME AND PASSWORD.
THANK YOU.";
}
//IF FINDS NO MATCHING PASSWORD AND USERNAME
if (mysql_num_rows($result) ==1)
{
$row = mysql_fetch_array($result);
list(,$lastname) + each ($row);
echo 'RECORD FOUND! <br /><br />';
$username = ucfirst ($username);
$lastname = ucfirst ($lastname);
echo "$lastname, $username;
$found =1";
}
//IF FINDS MORE THAN ONE MATCHING PASSWORD AND USERNAME (BIG TROUBLE!)
if (mysql_num_rows($result) > 1)
{
echo "WE ARE HAVING TECHNICAL DIFFICULTIES AND
ARE UNABLE TO RETRIEVE YOUR USER INFORMATION AT
THIS TIME. PLEASE COME BACK AT A LATER TIME.
THANK YOU - INFORMATION SYSTEMS DEPRTMENT";
}
?>
Last edited by ronjon on Sat Jul 10, 2004 1:04 pm, edited 3 times in total.
yes i do intend to use sessions.
i have not incorporated it as of yet... but i will. i dont intend to use cookies...just sessions.. ive been given the impression that sessions are the way to go.
do you have any additional input regarding using sessions?
thank you sir.
-ron
thanks for the replies
feyd... sorry about the caps lock. i didnt think people actually thought it as a big deal... but ok. ill keep from using it.
redmonkey...
thanks for the comment...although.. can you tell me anything about why its not worthy? you dont have to go into detail... but, can you give me some idea as to what i should look up on the net that i could incorporate to make the code more enterprise worthy? please?
thank you all.
-ron
kettle_drum
i would like 2 say 2 things ...
1. you do like your caps dont you
2. i hope spinsykel isnt your password....
Code: Select all
mysql_connect ('localhost', 'spinsykel', 'spinsykel');
Code: Select all
<input type="text" name="password">
Code: Select all
$sql = "SELECT lastname FROM users WHERE password = '$password' AND firstname = '$username'";
Code: Select all
$result = mysql_query($sql) or die (mysql_error());
Code: Select all
//CONNECTING TO DATABASE
$link = mysql_connect ('localhost', 'spinsykel', 'spinsykel');
if ($link)
{
echo "error: could not connect to database <br /><br />";
exit;
}
While I appreciate that you have minimal experience with PHP this is nowhere near the level of acceptance for a corporate site.
You will also have a (at least one) parse error within your code, you are missing a closing quote on one of your echos.
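An added example, not code from any poster in this thread: the lookup from AUTHENTICATION.PHP with the quoted lines hardened, using a PDO prepared statement instead of a query string built from $_POST values, password_hash()/password_verify() instead of comparing a stored plain-text password, and logged rather than echoed database errors. The in-memory SQLite database, the password_hash column, the open_db() and authenticate() helpers and the sample user are assumptions made so the example runs offline.

```php
<?php
// Added example. Assumptions: PDO with in-memory SQLite stands in for MySQL,
// and the users table stores a password_hash column instead of the password.
function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw exceptions instead of printing driver errors to the visitor.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY guarantees a login name can never match more than one row.
    $pdo->exec('CREATE TABLE users (
        firstname TEXT PRIMARY KEY, lastname TEXT, password_hash TEXT)');
    // Constructed sample user; only the hash is stored.
    $ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['ron', 'example', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Returns the user's last name on success, null on any failure.
function authenticate(PDO $pdo, $username, $password): ?string
{
    // $_POST values may be arrays or missing; accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return null;
    }
    try {
        // The placeholder keeps the input as data; it never becomes SQL text.
        $stmt = $pdo->prepare('SELECT lastname, password_hash FROM users WHERE firstname = ?');
        $stmt->execute([$username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('auth query failed: ' . $e->getMessage()); // log, do not echo
        return null;
    }
    // Verify against the stored hash rather than comparing in the WHERE clause.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['lastname'];
}

$pdo = open_db();
// Constructed inputs standing in for $_POST['username'] / $_POST['password'].
$cases = [
    ['ron', 'correct horse'],   // valid login
    ['ron', 'wrong'],           // wrong password
    ["ro'n", 'correct horse'],  // quote character is matched literally, no SQL error
    [['ron'], 'correct horse'], // array submitted instead of a string
];
foreach ($cases as [$u, $p]) {
    $last = authenticate($pdo, $u, $p);
    // Escape on output so a stored name cannot inject markup into the page.
    echo $last === null
        ? "Invalid username and/or password.\n"
        : 'Welcome, ' . htmlspecialchars(ucfirst($last), ENT_QUOTES, 'UTF-8') . "\n";
}
```

Only the first case prints a welcome line; the other three all produce the same generic failure message, so the response does not reveal whether the username or the password was wrong.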
all comments and suggestions taken and thought about
gabidi..
yeah... the $link thing... i actually just copied it wrong. i forgot to bring the code home so i had to copy it from a printout... i just forgot to type the !. the code works... i tested it. the only thing that im really worried about is the security. but good noticing.
as for the list command... ill look into it and figure out what you mean... since i am a newb... i dont even know what you mean by scalar variables...but ill definitely look into what you're suggesting.
as for the echo... not sure what you mean ... but again... ill look into that as well.
also, thank you for your congratulations... i appreciate it. im excited about the job and am looking forward to learning coding more in depth so that i can add that to my title as well == job security and more financial compensation in the long run
buzzly...
i forgot to mention... that 80% of what they hired me for was to admin their network, troubleshoot their pc's, coordinate it projects and such... the php and mysql was just about 20% or so... all they knew was that I can learn it and want to learn it. so... they didnt just hire me for php and mysql..that would be silly of them. thats like hiring a chef to fix cars.
drew010...
name = "password"... yeah. i actually intend to do that.
thank you all for your replies. the more replies i get, the more i get to put in my notes to refer to later... that helps immensely. you guys freakin rock. i figure if i take all these comments down and incorporate it in my future code, six months or so down the line... id probably churn out code that might actually look like its made by a pro. again, thank you all.
what i was most concerned about...or was not sure about was whether a user would be able to somehow maliciously use any variables or values that were stored in POST... i havent thought about it much really...but i had a comment from somebody that in essence said that doing so was dangerous or somethin... i dont really know if thats true..but was enough to make me concerned about it.
ok guys.. if you have any more comments... id love to hear it.
take care.
ron