<?php
ob_start();
require('config.php');
echo "<center>";
//Write the login form out
echo "<form method=post action=login.php?action=check><table><tr><td><font size=2>Username:</font></td><td><input type=text name=username></td></tr><tr><td><font size=2>Password:</font></td><td><input type=password name=password></td></tr><tr><td></td><td><input type=submit value=Login></td></tr></table></form>";
//check the input
if($_GET['action'] == 'check')
{
    //find the user
    $result = mysql_query("SELECT * FROM user WHERE username='{$_POST['username']}'") or die(mysql_error());
    $row = mysql_fetch_array( $result ); //set $row to result
    if($row['username'] == "")
    {
        echo error();
    }
    else
    {
        //$enc = md5($_POST['Pword']);
        $enc = $_POST['password'];
        if($row['password'] == $enc)
        {
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['lp'] = 'pl';
            $_SESSION['password'] = $enc;
            $_SESSION['id'] = $row['id'];
            echo "<center><font color=CCCCCC><b>Welcome " . $_SESSION['username'] . " ID# " . $_SESSION['id'] . " Password " . $_SESSION['password'] . "!</b></font>";
            header( "Location: staff.php" );
            exit;
        }
        else
        {
            echo error();
        }
    }
}
function error()
{
    echo "<b>The username/password is incorrect</b>";
}
?>
But when it gets to the header it doesn't go. It shows up all the sessions. I wanted to make sure the query was good, and it is; it correctly shows all the sessions up, but won't go to the header. Anyone see why?
1. Enable error reporting, and you'll see what's the problem yourself
2. You can't have header() after echo-ing something
3. echo error(), where error() itself echoes is a bit of a nonsense
4. Awkward: if($row['username'] == "") -- you ask the database if the user entered an empty string in the form?
0. (most important) SQL injection in $_POST['username']
I don't have access to my php.ini so I put one in the folder I'm using with
ini_set("display_errors", "on");
error_reporting(E_ALL);
output_buffering = 4096;
Doesn't report anything.
The other parts are old code; the error works fine, I'm not worried about that right this moment. Like I said, it works completely fine on another page, but not on this one for some reason.
Took out the echo before the header and it still does the same exact thing.
What do you mean by "SQL injection in $_POST['username']"?
I honestly have no clue. :/
So after reading up on SQL injection, it looks like my problem is if people see how I coded the stuff, they could put a username in that could affect my databases or site, pretty severely. Correct?
If so, I was reading, and it looks like this is a safer way to do it:
$query_result = mysql_query(
    "select * from users where name = '"
    . mysql_real_escape_string($user_name)
    . "'"
);
Is that true?
And whoever replies, please, if you wouldn't mind, give a little explanation of all this too, so I can make sure I understand. Appreciate it.
Yes, your code is correct now (provided that $user_name = $_POST['username'])
"it looks like my problem is if people see how I coded the stuff, they could put a username in that could affect my databases or site, pretty severely. Correct?"
Even if they can't see your exact code, with some attempts they can discover what's going on in your query and manipulate it. The topic is quite advanced and long to explain and it is somewhat against the rules of this board. There are a few good whitepapers on SQL injection and blind SQL injection; Google will assist you in finding them if you're still interested. From a coder's point of view, mysql_real_escape_string() is mostly enough.
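An added example, not code from the thread: the same username lookup written with a PDO prepared statement and password_verify(), the approach that replaced the mysql_* functions (removed in PHP 7.0). The in-memory SQLite table, the sample accounts and the check_login() name are constructed for illustration.

```php
<?php
// Constructed schema and sample rows so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Store a salted hash, not the plaintext the original script compared against.
$insert = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash('battery staple', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the user's id on success, null on any failure.
 */
function check_login(PDO $db, string $username, string $password): ?int
{
    // The placeholder sends $username to the driver as data, separate from
    // the SQL text, so quotes in it cannot change the shape of the query.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password give the same answer to the caller.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// A username containing an apostrophe is looked up literally.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, "o'brien", 'battery staple'));
var_dump(check_login($db, "o'brien", 'wrong password'));
var_dump(check_login($db, 'nobody', 'anything'));

// In the login page itself, call check_login() before printing any HTML.
// On success store only the id in $_SESSION (never the password), then
// send header('Location: staff.php') and exit, so no output precedes it.
```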
OK, cool. I read a bit on it on Google already, so I think I understand, and I know a fix, and understand it, so that's even better.
Thanks a bundle for making my newer site safer!