and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.
I wrote this after doing some research and trying to understand tutorials, etc.
I'm not sure if it will work. Can anyone see any major mistakes or flaws?
Last edited by Kureigu on Thu Feb 08, 2007 5:37 am, edited 6 times in total.
Caution
If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.
wildwobby wrote: Looks good except why is the password just an md5() of the username?
Agreed, you should use, at least, SHA1 (SHA256 if your server supports it, though this is often not the case)
As for SQL injection, a simple routine that looks for "evil" input using something like regex could work. Here's an example of the quick (and very) dirty system I use.
// Returns true when the input contains one of the characters this
// blacklist treats as reserved: { } " < > or the sequence ./
function check_input($input) {
    if (preg_match('/{|}|"|<|>|\.\//', $input)) {
        return true;
    }
    return false;
}

// Aborts the script if the input fails check_input()
function scan($input) {
    if (check_input($input) == true) {
        print "<h3>Error, reserved characters present in database query!</h3>\n";
        exit;
    }
}
The username should be run through a set of functions like this. The idea is "treat all input as evil" (password shouldn't be a problem as it gets hashed)
jolinar, your function is fine, but it is not enough. All data should be mysql_real_escape_string()-ed before putting it in a mysql_query(). If you have to stop and think if your check was enough, this means it's not enough.
Your function is about validation, which is a part of the code logic level. SQL Injection is an attack on the syntax level, and should be stopped by syntactical means. Proper escaping is one, writing SQL statements with proper syntax is another, and Kureigu did neither.
Btw, after $pword = md5($_POST['pword']); $pword is safe enough, on the code logic level it is fine. But remember what I told you - if you have to stop and think if it's enough, then it's not enough! Good coding practice dictates that you escape it as well.
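As an added example (not code from the thread or from any of its posters), the following contrasts the character blacklist in jolinar's post with the syntax-level protection Morbred describes. It uses PDO with an in-memory SQLite database and a constructed users table so it runs offline without MySQL; prepared statements stand in for mysql_real_escape_string() because the old mysql extension no longer exists in current PHP. The username o'brien is a constructed, perfectly legitimate input: the blacklist accepts it, but interpolating it into the query still breaks the SQL syntax, which is exactly the difference between validation and escaping.

```php
<?php
// Added example: validation (blacklist) vs. syntax-level protection (prepared statements).
// Runs offline against an in-memory SQLite database; all rows are constructed here.

// Same idea as the blacklist in the thread: rejects braces, double quotes, angle brackets, "./"
function looks_evil(string $input): bool
{
    return (bool) preg_match('/{|}|"|<|>|\.\//', $input);
}

// Build a throwaway users table with two constructed accounts.
function build_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT, password TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice', '" . hash('sha256', 'secret') . "')");
    $db->exec("INSERT INTO users VALUES ('o''brien', '" . hash('sha256', 'pw') . "')");
    return $db;
}

// Interpolated query: the blacklist passes the name, yet a single apostrophe
// changes the SQL syntax and the query fails. Returns null on rejection or failure.
function login_interpolated(PDO $db, string $uname, string $pword): ?bool
{
    if (looks_evil($uname)) {
        return null; // blacklist rejected the input
    }
    $hash = hash('sha256', $pword);
    $sql  = "SELECT COUNT(*) FROM users WHERE username = '$uname' AND password = '$hash'";
    try {
        return (int) $db->query($sql)->fetchColumn() === 1;
    } catch (PDOException $e) {
        echo "Query failed: " . $e->getMessage() . "\n";
        return null;
    }
}

// Prepared statement: the values never become part of the SQL text,
// so an apostrophe in a name is plain data, not syntax.
function login_prepared(PDO $db, string $uname, string $pword): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$uname, hash('sha256', $pword)]);
    return (int) $stmt->fetchColumn() === 1;
}

$db = build_db();
var_dump(looks_evil("o'brien"));                    // bool(false): blacklist lets it through
var_dump(login_interpolated($db, "o'brien", 'pw')); // NULL: the interpolated query is malformed
var_dump(login_prepared($db, "o'brien", 'pw'));     // bool(true)
var_dump(login_prepared($db, 'alice', 'wrong'));    // bool(false)
```

The hash() call here follows the thread's advice of SHA-256 over md5(); in current PHP, password_hash() and password_verify() are the standard way to store and check passwords, since they add a salt and a slow hash.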
I appreciate all of the advice, and I'll take time to read over it.
Morbred, I did neither because I've never heard of either of them. You should be able to tell from the script I'm not very experienced with PHP, so I need a little help here and there.
Now can someone tell me what I have to do to fix this problem?
I don't really need being told what I should do to make it better, I just want it working first. I purposely made it basic to start because I had never done a login script before.
<?php
session_start();

function db_login($uname, $pword)
{
    // Handle empty values before opening a connection
    if (empty($uname) || empty($pword))
    {
        // Use this area to handle errors
        return false;
    }

    $dbHost = "localhost";
    $dbUser = "";
    $dbPass = "";
    $dbDatabase = "userbeta";
    $dbTable = "userbeta";

    if (!$db = mysql_connect($dbHost, $dbUser, $dbPass))
    {
        die("Error accessing user database. Please try again.");
    }
    if (!mysql_select_db($dbDatabase, $db))
    {
        die("Could not select database");
    }

    // There could stand to be more validation than this.
    // mysql_real_escape_string() needs an open connection, so it has to
    // run after mysql_connect(), not before it.
    $uname = mysql_real_escape_string($uname, $db);
    $pword = mysql_real_escape_string($pword, $db);

    // Backticks help prevent reserved field name clashes
    // Also, since this is a single login, you should limit the return result to 1
    $sql = "SELECT * FROM `$dbTable` WHERE `username` = '$uname' AND `password` = '$pword' LIMIT 1";

    // execute the query
    if (!$out = mysql_query($sql, $db))
    {
        // You can leave out the mysql_error() call for production
        die('Could not execute the query: ' . mysql_error($db));
    }

    if (mysql_num_rows($out) == 1)
    {
        $_SESSION['username'] = $uname;
        return true;
    }
    else
    {
        return false;
    }
}

// Begin main
$uname = isset($_POST['uname']) ? $_POST['uname'] : '';
$pword = isset($_POST['pword']) ? md5($_POST['pword']) : '';

if (empty($uname) || empty($pword))
{
    header("location: http://www.fuldomainurl.com/login.php");
    exit;
}

if (!$login = db_login($uname, $pword))
{
    echo 'There was a problem';
}
else
{
    echo 'Sweet, you are in!';
}
?>