
REG + LOGIN + MEMBER AREA (MYSQL) help and use

Posted: Wed Nov 09, 2005 11:18 am
by spamyboy
I hope I didn't forget anything
:wink: I wrote this 1yr ago; this is register (email msg confirm), login, and members area (logout).
Does anyone have suggestions for security etc.?


SPAMYBOY.COM 2003 - 2005 (Lithuania, Gajus Kuzinas - spamyboy@gmail.com)


REGISTER.PHP

<?php
	include("data/config.php");
	session_start();   // needed: the picture check below reads $_SESSION

if($_POST['passwd'] == $_POST['passwd2'])
{
	// NOTE: $_POST['name'] is concatenated into the query unescaped
	$result = @mysql_query("select * from reg where name = '" .
$_POST['name'] . "' and confirmed = '1'");

	if(strlen($_POST['name']) > 0)
	{
		if($_POST['name'] != @mysql_result($result, 0, "name"))
		{
			$number = $_POST['txtNumber'];
			// the picture (captcha) value is stored in the session as an md5
			if (md5($number) == $_SESSION['image_random_value'])
			{
				$md = md5(time().$_POST['name']);

				mysql_query("insert into reg set name = '" .
$_POST['name'] . "',
email = '" . $_POST['email'] . "', password = '" .
crypt($_POST['passwd']) . "', md = '" . $md . "'");
				mail($_POST['email'], 'confirm', '<a
href="http://spamyboy.com/data/confirm.php?' . $md . '">press
cia..</a>', 'FROM:some@one.com');

				print ' Please check e-mail field';
			}
			else
			{
				print ' wrong picture code';
			}
		}
		else
		{
			print ' username already in use';
		}
	}
}
else
{
	print ' passwords do not match';
}

?>

<form action="" method=post>
<table width="150" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
<table width="590" border="0" cellspacing="0" cellpadding="0">
 
   <tr>
    
    <td width="92">&nbsp;</td>
   </tr> 
   <tr>
    <td><span class="style1">login * </span></td>
    <td width="190"><input name="name" type=text class="text_field" /></td> 
    <td width="362" align="left" valign="middle">
      </td>
  </tr>
    <tr>
    
    <td>&nbsp;</td>
   </tr>
  <tr>
    <td><span class="style1">e-mail</span> * </td>
    <td><input name="email" type=text class="text_field" /></td>
    <td><table width="349" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td width="92"><span class="style1">enter what u see in picture </span></td>
          <td width="150"><input name="txtNumber" type="text" class="text_field" /></td><td width="107"><img src="data/image.php" alt="kraunasi" align="left" /></td>
        </tr>
      </table></td>
  </tr>  <tr>
    
    <td>&nbsp;</td>
   </tr>
  <tr>
    <td><span class="style1">password * </span></td>
    <td><input name="passwd" type=password class="text_field" /></td>
    <td><table width="238" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td width="92"><span class="style1">re-password *</span></td>
          <td width="146"><input name="passwd2" type="password" class="text_field" /></td>
        </tr>
      </table></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
  </tr>
</table>
<p><input type=submit class="button" value="go">
</p>
</form>
LOGIN.PHP

<?php
	include("data/config.php");

	session_start();

	if(isset($_POST['name']) && strlen($_POST['name']) > 0)
	{
		// NOTE: $_POST['name'] is concatenated into the query unescaped
		$res = mysql_query("select * from reg where name = '" . $_POST['name'] . "'
and confirmed = '1'") or die(mysql_error());
		$arr = mysql_fetch_array($res);

		// crypt() with the stored hash as salt reproduces the stored hash on a match
		if($arr && crypt($_POST['password'], $arr['password']) == $arr['password'])
		{
			$_SESSION['auth'] = true;
		}
	}

	if(isset($_SESSION['auth']) && $_SESSION['auth'] == true)
	{
		print 'Welcome <br><a href="?open=members">members</a>';
	}
?>


<form action="" method=post>

<table width="150" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
<table width="641" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="286" align="left" valign="top"><table width="575" border="0" cellspacing="0" cellpadding="0">
   <tr>
    
    <td>&nbsp;</td>
   </tr>
   <tr>
    <td width="92"><span class="style4">login:</span></td>
    <td width="195"><input name=name type=text class="text_field" /></td>
    <td width="278" align="left" valign="middle">&nbsp;</td>
  </tr>
   <tr>
    
    <td>&nbsp;</td>
   </tr>
  <tr>
    <td><span class="style4">password:</span></td>
    <td><input name=password type=password class="text_field" /></td>
  </tr>
</table></td>
    
  </tr>
</table>
<p><input type=submit class="button" value="go">
</p>
</form>

MEMBERS.PHP

<?php
session_start();
if(isset($_SESSION['auth']) && $_SESSION['auth'] == true){
    echo "welcome";
}else{
    echo "Please login";
}
?>
CONFIRM.PHP

<?php
	include("config.php");

	// NOTE: the raw query string (the md token from the e-mail link) goes into the query unescaped
	mysql_query("update reg set confirmed = '1' where md = '" . $_SERVER['QUERY_STRING'] . "'");

	print 'Confirmed';
?>

CONFIG.PHP

<?php
	$localhost = "localhost";
	$user = "user";
	$password = "pass";
	$database = "DB";

	mysql_connect($localhost, $user, $password) or die(mysql_error());
	mysql_select_db($database) or die(mysql_error());
?>
LOGOUT.PHP

<?php
session_start();   // the session must be started before it can be cleared
session_unset();
session_destroy();
header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
?>

Posted: Wed Nov 09, 2005 11:29 am
by Luke
How come you wrapped everything in code and php tags?

Posted: Wed Nov 09, 2005 11:39 am
by spamyboy
Fixed :wink:

Posted: Wed Nov 09, 2005 11:39 am
by josh

$result = @mysql_query("select * from reg where name = '" .
$_POST[name] . "' and confirmed = '1'");
SQL injection vulnerability

the fix: http://us2.php.net/mysql_real_escape_string

Posted: Wed Nov 09, 2005 1:49 pm
by spamyboy
more ? ;)

Posted: Wed Nov 09, 2005 1:57 pm
by foobar
spamyboy wrote: more ? ;)
Yep, all the other MySQL queries.

Use mysql_real_escape_string() and/or sprintf().
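The thread's queries rewritten the way the replies suggest, as an added example that is not part of the original posts: each user-supplied value passes through mysql_real_escape_string() before sprintf() places it inside the quoted literal. It assumes the reg table and the data/config.php connection from the thread; the function names are made up for this example.

```php
<?php
// Added example (not from the thread): login.php, confirm.php and register.php
// queries rebuilt with mysql_real_escape_string() and sprintf().
// Assumes the reg table and the data/config.php connection from the thread.
include("data/config.php");   // mysql_real_escape_string() needs an open connection
session_start();

// login.php: the name is escaped before it is placed between the quotes,
// so a quote character in the input cannot terminate the string literal.
function find_confirmed_user($name)
{
    $sql = sprintf("select * from reg where name = '%s' and confirmed = '1'",
                   mysql_real_escape_string($name));
    $res = mysql_query($sql) or die(mysql_error());
    return mysql_fetch_array($res);
}

// confirm.php: the token is an md5 hex string, so anything else is rejected
// before it reaches the query; the escape call is still applied on top.
function confirm_registration($token)
{
    if (!preg_match('/^[0-9a-f]{32}$/', $token)) {
        return false;
    }
    $sql = sprintf("update reg set confirmed = '1' where md = '%s'",
                   mysql_real_escape_string($token));
    mysql_query($sql) or die(mysql_error());
    return mysql_affected_rows() == 1;
}

// register.php: same pattern for the insert; the crypt() output and the
// md5 token are escaped too, since sprintf() itself does no escaping.
function create_user($name, $email, $passwd)
{
    $md = md5(time() . $name);
    $sql = sprintf("insert into reg set name = '%s', email = '%s', password = '%s', md = '%s'",
                   mysql_real_escape_string($name),
                   mysql_real_escape_string($email),
                   mysql_real_escape_string(crypt($passwd)),
                   mysql_real_escape_string($md));
    mysql_query($sql) or die(mysql_error());
    return $md;
}
?>
```

The login check then becomes `$arr = find_confirmed_user($_POST['name'])` followed by the same crypt() comparison as before, and confirm.php calls `confirm_registration($_SERVER['QUERY_STRING'])` instead of building its query by hand.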