I've got a small web app setup, but I don't know a whole lot about the finer details in security
A friend gave this to me when I asked him for a login/password checking script:
Code: Select all
<?
if(isset($HTTP_COOKIE_VARS['username']) && isset($HTTP_COOKIE_VARS['password'])){
$username = safeString($HTTP_COOKIE_VARS['username']);
$password = safeString($HTTP_COOKIE_VARS['password']);
}
else if(isset($HTTP_POST_VARS['username']) && isset($HTTP_POST_VARS['password'])){
$username = safeString($_POST['username']);
$password = safeString($_POST['password']);
} else {
include 'login.php';
exit();
}
include 'dbconnect.inc.php';
$qstr = "SELECT username, password FROM members WHERE username = '".$username."' and password = '".$password."'";
$result = mysql_query($qstr);
if (mysql_num_rows($result)) {
setcookie("username", $username,0,"/");
setcookie("password", $password,0,"/");
} else {
include 'login.php';
exit();
}
function safeString($targetVariable) {
$targetVariable = addslashes(trim($targetVariable));
return $targetVariable;
}
?>and my second question is to deal with a database connection include.
If all the details for the database are in the include, like $host, $db, $dbuser, etc, is that a security issue in itself?
Is it possible to exploit that include somehow and modify the database contents?
If my questions are lacking detail just let me know, and I'll pull up some examples or something.
thanks for any help