Ok, here is the updated login page.
Code:
<?PHP
include("connect.php");
include("vars.php");
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$salt = hash('sha256',uniqid(mt_rand(),true));
$hashed_password = hash('sha256',$password.$salt);
if(isset($_POST['login']))
{
//If the password or username field is not completed, give an error and exit the script. It could be like below. I think it is correct.
if (!$_POST['username'] || !$_POST['password']) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>We warned you. Did we not? Complete all of the required fields. <a href='javascript:self.history.back();' class='link'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Now if they are filled in check it against db.
$sql= mysql_query("SELECT * FROM `ach_users` WHERE `username`='$username' AND `password`='$hashed_password'",$connect);
$result=$sql;
// This counts to see how many rows were found, there should be no more than 1
$count=mysql_num_rows($result);
if($count!=1){
echo $toplogin;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: The password or username which you entered is wrong. <a href='javascript:self.history.back();' class='link'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//This checks if the user is active. 0 for active users, 1 for suspended.
$active=1;
$check = mysql_query("SELECT * FROM `ach_users` WHERE `username`='$username' AND `password`='$hashed_password' AND `active`='$active'",$connect);
$result1 = $check;
$check2 = mysql_num_rows($result1);
if($check2!=0)
{
echo $toplogin;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Your account is suspended, you can't log in anymore. <a href='javascript:self.history.back();' class='link'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
list($check7) = mysql_fetch_row(mysql_query("SELECT `group` FROM `ach_users` WHERE `username`='$username' AND `password`='$hashed_password'",$connect));
$result7 = $check7;
if($result7!=1)
{
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
list($check8) = mysql_fetch_row(mysql_query("SELECT `id` FROM `ach_users` WHERE `username`='$username'",$connect));
$id = $check8;
$update = mysql_query("UPDATE `ach_users` SET `lastlogin`=NOW() ,`ip`='$ip' WHERE `id`='$id'",$connect);
session_start();
$_SESSION['ach_login'] = "1";
$_SESSION['ach_group'] = "2";
$_SESSION['ach_username'] = $_POST['username'];
header("location:/ach/view_ach.php");
}
else
{
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
//$check8 is only set in the other branch, so the id has to be looked up here as well.
list($check8) = mysql_fetch_row(mysql_query("SELECT `id` FROM `ach_users` WHERE `username`='$username'",$connect));
$id = $check8;
$update = mysql_query("UPDATE `ach_users` SET `lastlogin`=NOW() ,`ip`='$ip' WHERE `id`='$id'",$connect);
session_start();
$_SESSION['ach_login'] = "1";
$_SESSION['ach_group'] = "1";
$_SESSION['ach_username'] = $_POST['username'];
header("location:/ach/view_ach.php");
}
}
else
{
echo $toplogin;
echo "<form action='" . $_POST['PHP_SELF'] . "' method='post'>
<table width='323' class='toutborder' cellspacing='2' cellpadding='2'>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Username:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='username'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Password:</td>
<td class='trstyle' align='center' width='60%'><input type='password' name='password'/></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Remember:</td>
<td class='trstyle' align='center' width='60%'><input type='checkbox' name='remember'/></td>
</tr>
<tr>
<td colspan='2' align='center' class='trstyle'><input type='submit' name='login' value='Log In!'></td>
</tr>
</table>
</form>";
echo "<table width='" . $tr . "' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'><a href='' class='link'>Viking, Pirates, Ninjas and VPN</a> are Trademarks of <a href='http://www.meteorgames.com/' class='link'>Meteor Games LLC</a> and are used with permission for fan site purposes only.<br />
<a href='' class='link'>Viking, Pirates, Ninjas and VPN</a> text, graphic, sound and animation elements © 2009 <a href='http://www.meteorgames.com/' class='link'>Meteor Games LLC</a>. All rights reserved. Used with permission. <br>All other content © 2009 achLog.</td></tr></table></body></html>";
}
?>
Ok, returned the password hash and this time more secure. Thanks to you and your super cool blog! (: Just what type should I set for the password field in the database now? How long is it? AND another thing, when I try to log in it shows me that I have the wrong password. What is wrong in the script? I registered an account with the new script and hashing and cannot log in. I think it is because of the math random unique id.
Register.php:
Code:
<?PHP
include("connect.php");
include("vars.php");
//This code runs if the form ($register) has been submitted.
if (isset($_POST['register'])) {
//This makes sure they did not leave any fields blank.
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['email'] | !$_POST['email2'] | !$_POST['vpncharacter']) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>We warned you. Did we not? Complete all of the required fields. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Validates the username.
$pattern = "/^[a-zA-Z0-9\-_]{3,}$/";
$username = mysql_real_escape_string($_POST['username']);
if(!preg_match($pattern,$username)) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Your username " . $_POST['username'] . " contains invalid characters. It can contain characters a-z, A-Z and numbers 0-9. You can also use underscores (_) or dashes (-). <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Checks if the username is in use.
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = mysql_real_escape_string($_POST['username']);
$check = mysql_query("
SELECT * FROM `ach_users` WHERE `username` = '$usercheck'
",$connect);
$check2 = mysql_num_rows($check);
//If username exists then give error.
if ($check2 != 0)
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Sorry, the username ";
echo $_POST['username'];
echo " is already in use. Maybe you should think of new one? <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Validates the password.
$pattern = "/^[a-zA-Z0-9]{6,16}$/";
$pass = mysql_real_escape_string($_POST['pass']);
if(!preg_match($pattern,$pass)) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Your password " . $_POST['pass'] . " contains invalid characters or is too long or too short. It can contain characters a-z, A-Z and numbers 0-9, and it has to be at least 6 and at most 16 characters long. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//This makes sure both passwords entered match.
if ($_POST['pass'] != $_POST['pass2']) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Your passwords did not match. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Here we hash the password together with a random salt (this is hashing, not encryption).
$password = $_POST['pass'];
$salt = hash('sha256',uniqid(mt_rand(),true));
$hashed_password = hash('sha256',$password.$salt);
//This makes sure both entered e-mails match.
if ($_POST['email'] != $_POST['email2'])
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Your entered e-mails did not match. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Validates the e-mail.
$email = mysql_real_escape_string($_POST['email']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>E-mail contains invalid characters. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Checks if the e-mail is in use.
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$emailcheck = mysql_real_escape_string($_POST['email']);
$check = mysql_query("SELECT * FROM `ach_users` WHERE `email`='$emailcheck'",$connect);
$check2 = mysql_num_rows($check);
//If email exists then give error.
if ($check2 != 0)
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Sorry, the e-mail ";
echo $_POST['email'];
echo " is already in use. Maybe try some other working e-mail? <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
//Checks if the vpn character name is in use.
if (!get_magic_quotes_gpc()) {
$_POST['vpncharacter'] = addslashes($_POST['vpncharacter']);
}
$vpncharactercheck = mysql_real_escape_string($_POST['vpncharacter']);
$check = mysql_query("
SELECT * FROM `ach_users` WHERE `vpncharacter`='$vpncharactercheck'
",$connect);
$check2 = mysql_num_rows($check);
//If character exists then give error.
if ($check2 != 0)
{
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Sorry, somebody else has signed up with this ";
echo $_POST['vpncharacter'];
echo " character. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottom323;
exit();
}
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
//Now we insert it into the database.
$insert = mysql_query("INSERT INTO `ach_users` (username, password, regdatetime, ip, email, vpncharacter) VALUES ('".$_POST['username']."', '$hashed_password', NOW(), '$ip', '".$_POST['email']."', '".$_POST['vpncharacter']."')",$connect);
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Good news: Your account has been successfully created. You can now <a href='/ach/login.php'>log in</a>.</td></tr></table>";
echo $bottom323;
exit();
}
else {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Hello, want to sign up? Do it below, but be sure to complete all fields and enter accurate information in case we need to contact you.</td></tr></table>";
echo "
<form name='register' action='" . $_POST['PHP_SELF'] . "' method='post'>
<table width='323' class='toutborder' cellspacing='2' cellpadding='2'>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Username:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='username'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Password:</td>
<td class='trstyle' align='center' width='60%'><input type='password' name='pass'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Repeat password:</td>
<td class='trstyle' align='center' width='60%'><input type='password' name='pass2'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>E-mail:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='email'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>Repeat e-mail:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='email2'></td>
</tr>
<tr width='100%'>
<td class='tinborder' align='center' width='40%'>VPN Character:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='vpncharacter'></td>
</tr>
<tr>
<td colspan='2' align='center' class='trstyle'><input type='submit' name='register' value='Create Account!' /></td>
</tr>
</table>
</form>";
echo $bottom323;
}
?>
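An added example, not code from the thread, showing why the login above cannot succeed: login.php generates a fresh random salt on every request, so the hash it computes never equals the one stored by register.php. The salt has to be saved beside the hash at registration and reused at login. The function names and the `salt` column are assumptions; the column widths follow from sha256's 64-character hex output.

```php
<?php
// Added example, not the poster's code. sha256 hex output is 64 characters,
// so CHAR(64) fits both the `password` column and a new `salt` column (assumed).
function make_password_record($password) {
    // The salt is generated once, at registration, and stored beside the hash.
    $salt = hash('sha256', uniqid(mt_rand(), true));
    return array(
        'salt' => $salt,
        'hash' => hash('sha256', $password . $salt),
    );
}

// At login the stored salt is reused; a freshly generated one can never match.
function verify_password($password, $stored_salt, $stored_hash) {
    $candidate = hash('sha256', $password . $stored_salt);
    return hash_equals($stored_hash, $candidate); // constant-time compare, PHP >= 5.6
}

// Constructed demonstration values.
$record = make_password_record('Example123');

// What the posted login.php does: hash with a second random salt. The two
// salts differ, so this comparison fails even for the correct password.
$fresh_salt = hash('sha256', uniqid(mt_rand(), true));
$login_bug = hash('sha256', 'Example123' . $fresh_salt) === $record['hash'];

// What it should do: read the salt saved for this username and reuse it.
$right = verify_password('Example123', $record['salt'], $record['hash']);
$wrong = verify_password('wrongpass', $record['salt'], $record['hash']);
var_dump($login_bug, $right, $wrong);

// Since PHP 5.5, password_hash()/password_verify() handle the salt
// internally; the returned string goes in a VARCHAR(255) column.
$modern = password_hash('Example123', PASSWORD_DEFAULT);
var_dump(password_verify('Example123', $modern));
```

With the stored-salt approach, register.php must INSERT the salt as well, and login.php must SELECT it by username before recomputing the hash.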
What is $323? It's an invalid variable name... variables should be constructed in a form of $[a-zA-Z_][a-zA-Z0-9_]* and the support for non-English alphabets is discouraged.
I know, it was temporally. Changed.
Lines 60 & 75 are vulnerable to SQLi.
Line 90 is vulnerable to XSS attacks.
Firstly what is XSS? Secondly how to make those lines not vulnerable? I checked, but couldn't find any better way.
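An added example (not the thread's code) of the two fixes the replies ask for, applied to the thread's `ach_users` table: the lookup and the UPDATE are done with PDO prepared statements, so the username, ip and id travel as parameters instead of being pasted into the SQL string, and every value echoed back into the page goes through htmlspecialchars() so browser-interpreted characters are rendered as text. The DSN and credentials, the helper names (`h`, `find_user`, `check_login`, `record_login`) and the `salt` column are assumptions.

```php
<?php
// Added example, not the thread's code. Assumed: PDO connection details and a
// `salt` column in `ach_users` holding the per-user salt saved at registration.
$pdo = new PDO('mysql:host=localhost;dbname=ach;charset=utf8', 'dbuser', 'dbpass');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // server-side prepares

// XSS fix: converts < > & ' " to entities so input is shown as text, not markup.
function h($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
// SQLi fix: the username is bound as a parameter, never pasted into the SQL
// string, so quotes or comment sequences inside it remain plain data.
function find_user(PDO $pdo, $username) {
    $stmt = $pdo->prepare('SELECT `id`, `username`, `password`, `salt`, `active`, `group`
                           FROM `ach_users` WHERE `username` = :username');
    $stmt->execute(array(':username' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Recomputes the hash with the user's stored salt; null on any failure.
function check_login(PDO $pdo, $username, $password) {
    $row = find_user($pdo, $username);
    if ($row === null) {
        return null; // unknown user gets the same answer as a wrong password
    }
    $candidate = hash('sha256', $password . $row['salt']);
    return hash_equals($row['password'], $candidate) ? $row : null;
}
// Same binding for the UPDATE that records the login.
function record_login(PDO $pdo, $id, $ip) {
    $stmt = $pdo->prepare('UPDATE `ach_users` SET `lastlogin` = NOW(), `ip` = :ip WHERE `id` = :id');
    $stmt->execute(array(':ip' => $ip, ':id' => $id));
}

if (isset($_POST['login'])) {
    $user = check_login($pdo, $_POST['username'], $_POST['password']);
    if ($user === null || $user['active'] != 0) {   // 0 = active, 1 = suspended
        echo "Login failed for " . h($_POST['username']) . "."; // escaped before echo
        exit();
    }
    record_login($pdo, $user['id'], $_SERVER['REMOTE_ADDR']);
    session_start();
    $_SESSION['ach_login'] = "1";
    $_SESSION['ach_group'] = $user['group'];
    $_SESSION['ach_username'] = $user['username'];
    header('Location: /ach/view_ach.php');
    exit();
}
// The form action is escaped as well instead of echoing a raw server variable.
echo "<form action='" . h($_SERVER['PHP_SELF']) . "' method='post'>...</form>";
```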
You should use ||, not |, which is an inclusive or...
Done.