Strange problem with PHP

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

fernando2005
Forum Newbie
Posts: 8
Joined: Tue May 31, 2005 3:04 pm
Location: Honduras


Post by fernando2005 »

Hi everyone, I'm having some trouble with a site I'm designing.
These are the pages I'm working with:
Index.php -> Control.php -> Main.php
Index.php: has a form to enter user and pwd.
Control.php: checks user, pwd and redirects the user to Main or Index depending on the correct values of these fields.
Main.php: has the code of the program.

Well, the thing is that if I open Index.php it calls Control.php; if there's any trouble in it (wrong pwd, wrong user, etc.) it calls an error function from error.php, but if everything's OK it doesn't let the user pass to Main.php unless you've previously made some mistake in entering the user or pwd.

My control.php file looks like this:

Code:

<?php
session_start();
include "errores.php";
require ("db_config.inc.php");

// Look up the posted user name. Note that $_POST["user"] is placed directly
// into the SQL string, without escaping or a parameter.
$sql = "SELECT * FROM usuariosceros WHERE usuario = '".$_POST["user"]."'";
$result = mssql_query($sql, $conex);
$filas = mssql_num_rows($result);
if ($filas <= 0)
    { error(13, $_POST["user"]); exit; }

// Second column of the row: the stored password, compared as plain text.
$n1 = mssql_result($result, 0, 1);
if (trim($n1) != trim($_POST["pwd"]))
    { error(1, "Usuario o Contraseña"); exit; }

// Third column: permission flag; 0 means the account may not log in.
$permi = mssql_result($result, 0, 2);
if ($permi == 0)
    { error(14, $_POST["user"]); exit; }

$user = $_POST["user"];
$_SESSION["valid"] = "YES";
header("Location: Main.php?userID=".trim($user));
exit; // stop here so nothing runs after the redirect header is sent
?>
Any clues? Hope someone can help. I'm using IIS 5.0, PHP 5.0, MSSQL 2000. There's 0 possibility of changing IIS 5.0 because there are other applications in other languages running OK there.

Thank you.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I would rewrite that somewhat like the following:

Code:

<?php
// debug
ini_set('error_reporting', E_ALL);
ini_set('display_errors', TRUE);

// start session
session_start();

// include libraries
require_once("errores.php");
require_once("db_config.inc.php");

// test if user and password have been posted
if (!isset($_POST['user']) || !isset($_POST['password']))
{
  // boe boe i dont like you
  exit();
}

// TODO: clean up the posted user and password
$user = $_POST['user'];
$password = $_POST['password'];

// See if there is a user with this password
$sql = "SELECT COUNT(*) AS count FROM usuariosceros WHERE usuario='$user' AND password='$password'";
$rs = mssql_query($sql, $conex);
$row = mssql_fetch_assoc($rs);

// Nobody found
if ($row['count'] <= 0)
{
  // invalid combination...
  exit();
}
else
{
  // valid user
  $_SESSION["valid"] = "YES";
  header("Location: Main.php?userID=$user");
  exit(); // nothing should run after the redirect
}
?>
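Added example, not code from the thread: the same control.php check written for a current PHP with PDO_SQLSRV, using a prepared statement where both posts concatenate $_POST into the query, password_hash()/password_verify() instead of a plain-text comparison, and the identity kept in the session rather than in the userID URL parameter. The column names pwd_hash and permiso, the connection placeholders, and the reuse of error() from errores.php are assumptions.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7+ with PDO_SQLSRV and a table
// usuariosceros with columns usuario, pwd_hash (password_hash() output), permiso.
declare(strict_types=1);
require_once 'errores.php'; // the thread's error() helper

// Returns the permission level for a valid pair, or null when the user is unknown,
// the password is wrong or permiso is 0: one result so callers cannot tell which.
function authenticate(PDO $db, string $user, string $password): ?int
{
    // A placeholder keeps the posted value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pwd_hash, permiso FROM usuariosceros WHERE usuario = :usuario');
    $stmt->execute([':usuario' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are checked against a throwaway hash so timing does not reveal them.
    $hash = is_array($row) ? (string) $row['pwd_hash'] : password_hash('no-such-user', PASSWORD_DEFAULT);
    if (!password_verify($password, $hash) || !is_array($row)) {
        return null;
    }
    return ((int) $row['permiso'] > 0) ? (int) $row['permiso'] : null;
}

session_start();

// Missing or non-string fields are a failed login, not a PHP notice.
$user = $_POST['user'] ?? null;
$password = $_POST['pwd'] ?? null;
if (!is_string($user) || !is_string($password) || $user === '') {
    http_response_code(400);
    exit;
}

// Connection values are placeholders; keep the real ones in db_config.inc.php.
$db = new PDO('sqlsrv:Server=DB_HOST;Database=DB_NAME', 'DB_USER', 'DB_PASSWORD');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$permiso = authenticate($db, $user, $password);
if ($permiso === null) {
    error(1, 'Usuario o Contraseña'); // same generic message for every failure
    exit;
}

// New session id on login; identity stays server-side instead of in the URL.
session_regenerate_id(true);
$_SESSION['valid'] = 'YES';
$_SESSION['user'] = $user;
$_SESSION['permiso'] = $permiso;
header('Location: Main.php');
exit;
```

Main.php then reads the user from $_SESSION instead of trusting a userID query parameter that anyone can edit.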