Posted: Thu May 17, 2007 3:14 am
by Mordred
No, my example uses MySQL's MD5 function, yours uses PHP's and it won't be correct for passwords containing SQL metacharacters. Use my example, or correct the PHP code accordingly.

Search Google for "session fixation" (even Wikipedia has an article on it). Regenerating the session id is a countermeasure against it.
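The two points in the post above, as an added example that is not code from the thread: hashing an escaped password in PHP versus letting the SQL layer hash it, and regenerating the session id at login. It assumes PHP 7.1+ on the CLI; `addslashes()`/`stripslashes()` stand in for `mysql_real_escape_string()` and MySQL's string-literal parsing, and the function names, passwords and username are constructed for illustration.

```php
<?php
// Added example; not code from the thread. addslashes()/stripslashes() stand in
// for mysql_real_escape_string() and MySQL's string-literal parsing so the
// script runs from the CLI without a database connection (assumption).

// Hash as stored at registration: MD5 over the raw password.
function storedHash(string $password): string {
    return md5($password);
}

// PHP-side hashing after escaping: the hash covers the escaped bytes.
function phpSideHash(string $password): string {
    return md5(addslashes($password));
}

// SQL-side hashing, as in pw=MD5('$escaped'): the server un-escapes the
// literal first, so MD5() sees the raw password again.
function sqlSideHash(string $password): string {
    $literal = addslashes($password);      // what goes inside the quotes
    return md5(stripslashes($literal));    // what MD5() receives
}

// Session fixation countermeasure: issue a fresh session id at login so an
// id planted before authentication never becomes an authenticated one.
function completeLogin(string $username): array {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $before = session_id();
    session_regenerate_id(true);           // true: delete the old session data
    $_SESSION['myusername'] = $username;
    return [$before, session_id()];
}

// Run the session step first, before any output is sent.
[$old, $new] = completeLogin('alice');     // constructed username

// Constructed sample passwords, one containing SQL metacharacters.
foreach (["plainpass", "pa'ss\\word"] as $pw) {
    printf("%-12s php-side match: %-3s sql-side match: %s\n",
        $pw,
        phpSideHash($pw) === storedHash($pw) ? 'yes' : 'no',
        sqlSideHash($pw) === storedHash($pw) ? 'yes' : 'no');
}
printf("session id changed at login: %s\n", $old !== $new ? 'yes' : 'no');
```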

Posted: Thu May 17, 2007 9:06 am
by Mirux
Well, is this what you mean?

Code:

<?php session_start(); ?>
<?php
include ("variables.php");
function Login($myusername, $mypassword){
	global $connect, $mtable, $msg;
	$myusername= mysql_real_escape_string($myusername);
	$mypassword= mysql_real_escape_string($mypassword);
	// The escaped password must be a quoted string literal for MySQL's MD5()
	$query= "SELECT * FROM $mtable WHERE name='$myusername' AND pw=MD5('$mypassword')";
	$result= mysql_query($query);
	$num= mysql_num_rows($result);
	$row= mysql_fetch_array($result);
	if ($num != 1){
	die ($msg['login.error']);
	}
	else
	{
		if (!isset($_POST['checkbox'])){
		$_SESSION['myusername']= $row['name'];
		$_SESSION['mypassword']= $row['pw'];
		}
		else{
		setcookie("myusername", $row['name'], time()+604800);
		setcookie("mypassword", $row['pw'], time()+604800);
		$_SESSION['myusername']= $row['name'];
		$_SESSION['mypassword']= $row['pw'];
		}
		
	}
}
if (isset($_POST['submit'])){
	if (!$_POST['myusername'] || !$_POST['mypassword']){
		die ($msg['login.noinfo']);
	}
	else{
			Login($_POST['myusername'], $_POST['mypassword']);
			die ($msg['login.in']);
		}
		
	}
?>
<head>
<link rel='stylesheet' type='text/css' href='style.css'>
</head>
<table width='150' border='0' align='center' cellpadding='0' cellspacing='1' bgcolor='#CCCCCC'>
<tr>
<form name='form1' method='POST'>
<td>
<table width='100%' border='0' cellpadding='3' cellspacing='1' bgcolor='#FFFFFF'>
<tr>
<td colspan='3'><b>Member Login </b></td>
</tr>
<tr>
<td width='78'>Username</td>
<td width='6'>:</td>
<td width='300'><input name='myusername' type='text' maxlength='30'></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name='mypassword' type='password'></td>
</tr>
<tr>
<td><input type='submit' name='submit' value='Login'></td>
<td></td>
<td><input type='checkbox' name='checkbox'> Remember me</td>
</tr>
</table>
</td>
</form>
</tr>
</table>
The cookie part is not working well, I gotta fix it soon. But check out the MD5 part and the query, which is the important part.