web security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

ija
Forum Newbie
Posts: 11
Joined: Wed Aug 03, 2005 11:14 pm

web security

Post by ija »

I've developed a system that only registered users can access. I use sessions to control the user login process and also for system security, which means an unregistered user can't log on to the system, and it should not be possible to bypass to the next URL without logging in first.

I've run this system on Windows and it works. But when I run it on OES (Open Enterprise Server), a warning appears on every page after login. The system can also be accessed without logging in. It passes all the URLs after the login page.

***********************************************************
WARNING ERROR ON OES(open enterprise server):

Warning: Cannot modify header information - headers already sent by (output started at /srv/www/htdocs/epantau/index.php:13) in /srv/www/htdocs/epantau/incSession.php on line 4


***********************************************************
Can anyone help me..:(



Here's the code:


Login.php
**********************************************************
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<script>


function changeScrollbarColor(C){
if (document.all){
document.body.style.scrollbarBaseColor = C
}
}

</script>
<style>
body{
scrollbar-base-color:#F0D9A4
}
</style>

<style type="text/css">
<!--
-->

body {
margin-top:100px;

}
</style>
</head>

<body bgcolor="#FAEDCF">
<form action="dblogin.php" method="post">
<div align="center">
<table width="545" border="2" bgcolor="#FFFFFF">
<tr bgcolor="#F0D9A4">
<td colspan="2"><div align="center"><font color="#000000" size="4" face="Arial, Helvetica, sans-serif">
<strong>LOGIN</strong></font></div></td>
</tr>
<tr>
<td colspan="2">
<div align="right">
<table width="100%" border="0"bgcolor="#F8E3B8">
<tr>
<td colspan="2">
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="46%">&nbsp;</td>
<td width="54%"></td>
</tr>
<tr>
<td><div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">User Id:</font></strong></div></td>
<td><strong><font size="2" face="Arial, Helvetica, sans-serif">
<input type="text" name="email">
</font></strong></td>
</tr>
<tr>
<td><div align="right"><strong><font size="2" face="Arial, Helvetica, sans-serif">Password:</font></strong></div></td>
<td><strong><font size="2" face="Arial, Helvetica, sans-serif">
<input type="password" name="password">
</font></strong></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" value="Login"> <input type="submit" name="reset" value="Batal"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="hidden" name="psRefer" value="<? echo($refer) ?>">
<font size="2" face="Arial, Helvetica, sans-serif"><strong></strong></font></td>
</tr>
</table>
</div>
</td>
</tr>
</table>
</div>
</body>
</html>
********************************************************



dblogin.php
*********************************************************
<?
$db="upentrg";
$table="login";


if($email == '' || $password == '')
{
header('Location:login.php?refer='.urlencode($psRefer));
}
else
{
$con=mysql_connect("localhost","root","");
mysql_select_db($db,$con);


$q="select id, MD5(UNIX_TIMESTAMP() + id + RAND(UNIX_TIMESTAMP())) GUID from $table where email='$email' AND password='$password'";

$rslt=mysql_query($q,$con);

if(mysql_num_rows($rslt))
{
$prslt=mysql_fetch_row($rslt);

$q="update $table set GUID='$prslt[1]'
WHERE id = $prslt[0]";
mysql_query($q,$con);

setcookie("session_id",$prslt[1]);

if(!$psRefer)
$psRefer='index.php';
header('Location:'.$psRefer);
}
else
{
header('Location:login.php?refer='.urlencode($psRefer));
}
}

?>

***********************************************************



incSession.php
***********************************************************
<?php
// Check for a cookie, if none got to login page
if(!isset($HTTP_COOKIE_VARS['session_id'])) {
header('Location:login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}

$expirationtime=time()-12000;

// Try to find a match in the database
$GUID = $HTTP_COOKIE_VARS['session_id'];
$hDB = mysql_connect("localhost","root","");
mysql_select_db('upentrg', $hDB);

$sQuery = "
Select id,masa
From login
Where GUID = '$GUID' OR masa < '$expirationtime'";

$hResult = mysql_query($sQuery, $hDB);

if(!mysql_num_rows($hResult)) {
// No match for guid
header('Location:login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}
?>
******************************************************


index.php
*******************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><!-- Provided by MyFreeTemplates.com -->
<title>ePantau</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<meta name="keywords" content="Keywords here">

<meta name="description" content="Description here">

<meta name="Author" content="MyFreeTemplates.com">

<meta name="robots" content="index, follow">
<!-- (Robot commands: All, None, Index, No Index, Follow, No Follow) -->
<meta name="revisit-after" content="30 days">

<meta name="distribution" content="global">

<meta name="rating" content="general">

<meta name="Content-Language" content="english">

<script language="JavaScript" type="text/JavaScript" src="images/myfreetemplates.js"></script>
<script language="JavaScript" src="images/menu.js" type="text/JavaScript"></script>
<link href="images/myfreetemplates.css" rel="stylesheet" type="text/css">

<script language="JavaScript" src="images/mm_menu.js"></script>
<style type="text/css">
A.linka:link{font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #006699;text-decoration: none;}
A.linka:visited{font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #006699;text-decoration: none;}
A.linka:hover{font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #ff6600;text-decoration: underline;}
A.toplink:link {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #FFFFFF;letter-spacing: 1px;text-decoration: none;}
A.toplink:visited {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: normal;color: #FFFFFF;letter-spacing: 1px;text-decoration: none;}
A.toplink:hover {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: #FFCC0C;letter-spacing: 1px;text-decoration: none;}
A.tmaroon:link {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: #000000;text-decoration: none;}
A.tmaroon:visited {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: #000000;text-decoration: none;}
A.tmaroon:hover {font-family: "Trebuchet MS", Arial, Verdana;font-size: 8pt;font-weight: bold;color: red;text-decoration: underline;}
</style></head>
<?
require('incSession.php');
?>
<body leftmargin="0" topmargin="0" onload="MM_preloadImages('images/btn_main_dn.gif','images/btn_aboutus_dn.gif','images/btn_contact_dn.gif','images/btn_services_dn.gif')" marginheight="0" marginwidth="0">
<script language="JavaScript1.2">mmLoadMenus();</script>
<img src="images/spacer.gif" height="1" width="589">
<table align="center" border="0" cellpadding="0" cellspacing="0" height="100%" width="934">

<tbody>
<tr>
<td height="62" width="186">
<a href="http://www.myfreetemplates.com"><img src="images/toplogo.gif" alt="" border="0" height="62" width="186"></a></td>
<td colspan="3" background="images/topbg.gif" height="62" width="1006">&nbsp; </td>
</tr>
<tr>
<td colspan="4" background="images/base2.gif" height="24">
<table border="0" cellpadding="0" cellspacing="0" width="775">
<tbody>
<tr>
<td height="37">&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td> </td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td>
</td><td></td>
<td colspan="2" align="center">
<strong><font color="#ffffff"><a href="usermenu.php?" class="toplink">Penyelenggaraan Pengguna</a></font></strong> </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td height="114" width="186"><table border="0" cellpadding="0" cellspacing="0" width="136">
<tbody>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="eis/index.php" class="sidetable">ePantau EIS</a></strong></td>
</tr>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="pms/home.php" class="sidetable">ePantau PMS</a></strong></td>
</tr>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="#" class="sidetable"><br>
</a></strong></td>
</tr>
<tr>
<td style="border-top: 1px dotted rgb(166, 189, 242); padding-top: 4px; padding-bottom: 14px;"><strong> <a href="#" class="sidetable"><br>
</a></strong></td>
</tr>
</tbody>
</table>
<p class="link"><a href="logout.php">Logout</a></p></td>
<td colspan="3" height="114"><table border="0" height="77" width="125">
<tbody><tr>
<td><div align="right"><img src="images/pemandangan740baru.jpg" height="289" width="741"></div></td>
</tr>
</tbody></table></td>
</tr>
<tr valign="top">
<td style="border-right: 1px dotted; padding-left: 19px;" height="233" width="186">&nbsp; </td>
<td colspan="3" style="padding-left: 12px; padding-top: 7px;">
<h1 style="margin: 0pt;">::
Selamat Datang ::</h1>
<br>
<span style="font-family: Arial;"><big>Sistem
ePantau adalah sebuah sistem yang memantau Projek-projek yang
dijalankan di negeri terengganu. Di samping itu, sistem ini juga
memantau sistem-sistem yang terdapat di Pejabat-pejabat Kerajaan negeri
Terengganu.</big></span>
<p><big>&nbsp;</big></p>
<table border="0" height="117" width="732">
<tbody><tr>
<td height="24"><div align="center">Diilhamkan oleh: </div></td>
<td> <div align="center">Diselenggarakan oleh:</div></td>
<td><div align="center">Dibangunkan oleh: </div></td>
<td><div align="center">Powered by:</div></td>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td height="87" width="141"><div align="center"><img src="images/mb.jpg" height="85" width="68"></div></td>
<td width="179"><div align="center"><img src="images/logoupmn.gif" height="50" width="82"></div></td>
<td width="144"><div align="center"><img src="images/logo_cerdasvest1.jpg" height="51" width="63"></div></td>
<td width="79"><img src="images/suse_91_welcome.jpg" height="82" width="72"></td>
<td width="69"><img src="images/dell_logo.jpg" height="42" width="58"></td>
<td width="94"><img src="images/novell_logo.gif" height="42" width="39"> </td>
</tr>
</tbody></table></td>
</tr>
<tr>
<td colspan="4" height="18">&nbsp;</td>
</tr>
<tr>
<td colspan="4" background="images/base2.gif" height="22">&nbsp;</td>
</tr>
</tbody>
</table>

</body></html>
***********************************************************
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

viewtopic.php?t=1157

...and please, post PHP code using [syntax=php] tags next time.
ija
Forum Newbie
Posts: 11
Joined: Wed Aug 03, 2005 11:14 pm

login fail

Post by ija »

hi feyd,

Thanks for the solution. It worked; there's no warning anymore.
But the problem now is that I can't log in to the system. Is that because of a database connection problem? For your information, this problem comes up because I use the OES platform. I transferred the database to this server just by copy and paste.

;)
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Glad to help.

I'm not quite sure where your problem would lie.. time to learn to debug I guess :lol:
wwwapu
Forum Contributor
Posts: 197
Joined: Wed Apr 07, 2004 11:57 am
Location: Turku, Finland

Post by wwwapu »

register_globals might cause you trouble. I bet OES has it off.

<input type="hidden" name="psRefer" value="<? echo($refer) ?>">
Also check whether OES uses PHP 5: http://fi2.php.net/manual/en/ini.core.p ... ong-arrays
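
Added example, not part of the thread and not the poster's code: one way to write the incSession.php check so that it reads $_COOKIE and $_SERVER instead of register_globals or the long $HTTP_*_VARS arrays, and stops the page after redirecting. The function names, the SQLite stand-in table and the meaning of `masa` (taken here to be the login time as a Unix timestamp) are assumptions; PDO is used because the mysql_* functions no longer exist in current PHP.

```php
<?php
// Added example. Needs PHP 7.1+; the demo at the bottom needs pdo_sqlite.

// Returns null if the cookie maps to a live row in `login`, else the login
// URL. It reads only the arrays passed in ($_COOKIE, $_SERVER), so it works
// with register_globals and register_long_arrays switched off.
function session_redirect_target(PDO $db, array $cookie, array $server, int $maxAge = 12000): ?string
{
    $self  = $server['PHP_SELF'] ?? '/index.php';
    $query = $server['QUERY_STRING'] ?? '';
    $login = 'login.php?refer=' . urlencode($query === '' ? $self : "$self?$query");

    // dblogin.php stores MySQL MD5() output: 32 lowercase hex characters.
    $guid = $cookie['session_id'] ?? '';
    if (!is_string($guid) || !preg_match('/\A[0-9a-f]{32}\z/', $guid)) {
        return $login;
    }
    // Bound parameters keep the cookie value out of the SQL text.
    // Assumption: masa holds the login time as a Unix timestamp.
    $stmt = $db->prepare('SELECT id FROM login WHERE GUID = ? AND masa >= ?');
    $stmt->execute([$guid, time() - $maxAge]);
    return $stmt->fetchColumn() === false ? $login : null;
}

// Call this on the first line of every protected page, before any HTML or
// blank line is output; otherwise header() fails with "headers already sent".
function require_login(PDO $db): void
{
    $target = session_redirect_target($db, $_COOKIE, $_SERVER);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // without this the protected page is still rendered and sent
    }
}

// Demo on constructed data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (id INTEGER, GUID TEXT, masa INTEGER)');
$guid = md5('constructed-sample');
$db->prepare('INSERT INTO login VALUES (1, ?, ?)')->execute([$guid, time()]);
$server = ['PHP_SELF' => '/epantau/index.php', 'QUERY_STRING' => ''];

var_dump(session_redirect_target($db, ['session_id' => $guid], $server));        // valid cookie
var_dump(session_redirect_target($db, [], $server));                              // no cookie
var_dump(session_redirect_target($db, ['session_id' => 'not-a-guid'], $server)); // malformed
```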