Page 1 of 2

Ethical Hacking

Posted: Tue Sep 20, 2005 1:16 pm
by Charles256
We got any of those in here? Slightly curious if my login script is secure and, well, wanted to know if anyone was interested in giving it a go. :-D Let me know if you are, either PM me or post in here and I'll PM you with the site. :-D I'd post the link in here but don't want it to be seen as advertising or anything like that.

Posted: Tue Sep 20, 2005 1:23 pm
by John Cartwright
Read this thread as to why we cannot do that.

Edit: Forgot to post link :wink:

Posted: Tue Sep 20, 2005 1:36 pm
by Charles256
Now that, my friends, is communism at its best... okay, anyone willing to read through 500 lines of code to look for security holes? LOL. I've looked myself but, well, second opinions never hurt. :)

Posted: Tue Sep 20, 2005 1:41 pm
by hawleyjr
500 lines of code for a login validation....?

Why not post your login code here and then list some concerns you may have.

Posted: Tue Sep 20, 2005 1:41 pm
by Weirdan
Post a link to your source code (don't post the code itself on forums, it's hard to read when it's 30+ lines or so), maybe there are enthusiasts, who knows.

Posted: Tue Sep 20, 2005 1:46 pm
by Charles256
It's actually login/registration :-D and when I get home I'll post the code on a site and color it pretty and everything so it's easy to read :-D

Posted: Tue Sep 20, 2005 1:59 pm
by John Cartwright
Roja wrote: Any attempts across a network are against both US law and international law.
Charles256 wrote: Now that, my friends, is communism at its best...
How is this communism?
Charles256 wrote: It's actually login/registration :-D and when I get home I'll post the code on a site and color it pretty and everything so it's easy to read :-D
Post it here using [code] tags

Posted: Tue Sep 20, 2005 2:01 pm
by Charles256
They're taking away my right to ask for someone to hack me? :-D It should be my choice! That and I use the word communism whenever I am frustrated. :-D

Here is the registration page:

Posted: Tue Sep 20, 2005 2:03 pm
by Charles256

Code:

Please enter all of the requested information. Fields that are required the field name will be 
	<font color="#FF0000"> red </font>. All other fields are optional. All users will have to be 
	approved before they can login. When you are approved an e-mail will be sent to you with your username
	and password.  <br>
	<Br>
	<form method="post" action="http://www.chalkheadbaptist.com/index.php?page=members&register=yes&procregister=yes">
	<table>
		<tr>
			<td>
				<font color="#FF0000">Username</font>:</td>
			<td>
				<input type="text" name="username" value="<?php echo ("$username") ?>">
			</td>
	    	<td><font color="#990099">&nbsp;<?php echo ($usernamee) ?>
			</font></td>
		</tr>
		<tr>
			<td>
				<font color="#FF0000">Password</font>:</td>
			<td>
				<input type="password" name="password" value="<?php echo($password) ?>">
			</td>
	    	<td><font color="#990099">&nbsp; <?php echo ($passworde) ?>
			</font></td>
		</tr>
		<tr>
			<td>
				<font color="#FF0000">First Name</font>:
			</td>
			<td>
				<input type="text" name="fname" value="<?php echo($fname) ?>">
			</td>
	    	<td><font color="#990099">&nbsp;<?php echo ($fnamee) ?>
			</font></td>
		</tr>
		<tr>
			<td>
				<font color="#FF0000">Last Name</font>:
			</td>
			<td>
				<input type="text" name="lname" value="<?php echo($lname) ?>">
			</td>
	    	<td><font color="#990099">&nbsp; <?php echo ($lnamee) ?>
			</font></td>
		</tr>
		<tr>
			<td>
				<font color="#FF0000">E-Mail Address</font>:
			</td>
			<td>
				<input type="text" name="email" value="<?php echo($email) ?>">
			</td>
			<td> <font color="#990099"><?php echo ($emaile) ?>
			</font></td>
		</tr>
		<tr>
			<td>
				<font color="#FF0000">Birthday</font>:
			</td>
			<td>
				<select name="day">
			<?php
			// Days 1-31. The posted loop ran 1-12 here and 1-32 for the month
			// (the two bounds were swapped). The old "if ($day!='')" branch was
			// redundant: with $day empty the "selected" test simply never matches.
			for ($i=1; $i<32; $i++)
			{
				echo ("<option value='$i'");
				if ($day==$i)
				{
					echo (" selected");
				}
				echo (">$i</option>");
			}
		?>
		</select>
		<select name="month">
		<?php
		// Months 1-12 (was 1-32; bounds swapped with the day select).
		for ($i=1; $i<13; $i++)
		{
			echo ("<option value='$i'");
			if ($month==$i)
			{
				echo (" selected");
			}
			echo (">$i</option>");
		}
		?>
		</select>
		<select name="year">
		<?php
		if ($year!='')
		{
			$i=1900;
			while ($i<2005)
			{
				echo ("<option value='$i'");
				if ($year==$i)
				{
					echo (" selected");
				}
				echo (">$i");
				$i++;
			}
		}
		else
		{
			$i=1900;
			while ($i<2005)
			{
				echo ("<option value='$i'>$i");
				$i++;
			}
		}
		?>
		</select>
		</td>
	    <td>&nbsp;</td>
	</tr>
	<tr>
		<td>
			<font color="#FF0000">Are you married?
	    	</font></td>
		<td>
		<?php
		if ($married!='')
		{
			echo ("<input type='radio' name='married' value='$married' checked>$married");
		}
		else
		{
		?>
			<input type="radio" name="married" value="yes">Yes
			<br>
			<input type="radio" name="married" value="no" checked>No
		<?php
		}
		?>
		</td>
	    <td>&nbsp;</td>
	</tr>
	<tr>
		<td>
		When were you married?
		</td>
		
		<td>
		<select name="mday">
		<?php
		// Days 1-31 (was 1-12; bounds swapped with the month select).
		for ($i=1; $i<32; $i++)
		{
			echo ("<option value='$i'");
			if ($mday==$i)
			{
				echo (" selected");
			}
			echo (">$i</option>");
		}
		?>
		</select>
		<select name="mmonth">
		<?php
		// Months 1-12 (was 1-32; bounds swapped with the day select).
		for ($i=1; $i<13; $i++)
		{
			echo ("<option value='$i'");
			if ($mmonth==$i)
			{
				echo (" selected");
			}
			echo (">$i</option>");
		}
		?>
		</select>
		<select name="myear">
		<?php
		if ($myear!='')
		{
			$i=1900;
			while ($i<2005)
			{
				echo ("<option value='$i'");
				if ($myear==$i)
				{
					echo (" selected");
				}
				echo (">$i");
				$i++;
			}
		}
		else
		{
			$i=1900;
			while ($i<2005)
			{
				echo ("<option value='$i'>$i");
				$i++;
			}
		}
		?>
		</select>
		</td>
	    <td>&nbsp;</td>
	</tr>
	<tr>
		<td align="right">
		<input type="submit" name="register" value="register">
		</td>
	</tr>
</table>
</form>

The login page:

Posted: Tue Sep 20, 2005 2:03 pm
by Charles256

Code:

Welcome. Below enter the user name and password you registered with.

	<form name="login" action="index.php?page=members&testing=true" method="post">
	<table>
		<tr>
			<td>
				Username:
			</td>
			<td>
				<input type="text" name="username">
			</td>
		</tr>
		<tr>
			<td>
				Password:
			</td>
			<td>
				<input type="password" name="password">
			</td>
		</tr>
		<tr>
			<td>
				<input type="submit" name="login" value="login">
			</td>
		</tr>
	</table>
	</form>
	<table border="1" bordercolor="#000000">
		<tr>
			<td>
		  		<a href="http://www.chalkheadbaptist.com/index.php?page=members&register=yes">Not Registered? Sign up!</a> 
			</td>
			<td bordercolor="#000000">
				Forgot your password? 
			</td>
		</tr>
	</table>

Processing the registration:

Posted: Tue Sep 20, 2005 2:06 pm
by Charles256

Code:

{
		$username=strtolower($_POST['username']);
		$password=$_POST['password'];
		$upassword=md5($password);
		$lname=$_POST['lname'];
		$fname=$_POST['fname'];
		$day=$_POST['day'];
		// Zero-pad single digits. The posted code used "<= 10", which turned 10 into "010".
		if ($day < 10 )
		{
			$day='0'.$day;
		}
		$month=$_POST['month'];
		if ($month < 10 )
		{
			$month='0'.$month;
		}
		$year=$_POST['year'];
		$married=$_POST['married'];
		$mday=$_POST['mday'];
		if ($mday < 10 )
		{
			$mday='0'.$mday;
		}
		$mmonth=$_POST['mmonth'];
		if ($mmonth < 10 )
		{
			$mmonth='0'.$mmonth;
		}
		$myear=$_POST['myear'];
		$email=strtolower($_POST['email']);
		$error='false';
		if (empty($username))
		{
			$usernamee="You didn't enter anything into this field, please enter something.";
			$error='true';
		}
		$name=mysql_fetch_object($result);
		if ($username==$name->Username)
		{
			$usernamee="That username is already taken, please try another one.";
			$error='true';
		}
		if (ereg("[^a-zA-Z0-9]", $username))
   		{
			$usernamee="Please only enters letters and numbers.";
   			$error='true';
   		}
		if (empty($password))
		{
			$passworde="You didn't enter anything into this field, please enter something.";
			$error='true';
		}
		if (ereg("[^a-zA-Z0-9]", $password))
   		{
			$passworde="Please only enters letters and numbers.";
   			$error='true';
   		}
		if (empty($fname))
		{
			$fnamee="You didn't enter anything into this field, please enter something.";
			$error='true';
		}
		if (ereg("[^a-zA-Z0-9]", $fname))
   		{
			$fnamee="Please only enters letters and numbers. For example leave out your middle name. ";
   			$error='true';
   		}
		if (empty($lname))
		{
			$lnamee="You didn't enter anything into this field, please enter something.";
			$error='true';
		}
		if (ereg("[^a-zA-Z0-9]", $lname))
   		{
			$lnamee="Please only enters letters and numbers. For example, exclude your title. I.E.- Jr.";
   			$error='true';
   		}
		if (empty($email))
		{
			$emaile="You didn't enter anything into this field, please enter something.";
			$error='true';
		}
		if ( !eregi('^[-a-z0-9!#$%&\'*+/=?^_<{|}~]+(\.[-a-zA-Z0-9!#$%&\'*+/=?^_<{|}~]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z0-9-]{2,}$', $email) )
		{
			$emaile="Please enter a valid E-mail address.";
			$error='true';	// was missing, so a malformed address still reached the INSERT
		}
		if ($email==$name->Email)
		{
			$emaile="Someone else is all ready using that e-mail address.";
			$error='true';
		}
	}
Actual insertion into the database if they pass error checking:

Code:

if ($error=="false")
		{
		$sql=mysql_query("INSERT INTO member(Username, Password, Fname, Lname, Email, Bday, Married, Dmarried) VALUES ('$username','$upassword','$fname','$lname','$email','".$day.$month.$year."','$married','".$mday.$mmonth.$myear."')");		
		?>
			Congratulations, you have successfully registered. Your registration information is as follows. Unfortunately, your account will have to be activated before you can log in. Save the information from this page for future reference.<br>
			<br>
		<?php
			echo (" Username: $username <br> Password: $password <br> First Name: $fname <br>
			Last Name: $lname <br> E-Mail Address: $email <br> Birthday:".$day.$month.$year."<br>");
			if ($married=='no')
			{
				echo("Married: $married");
			}
			if ($married=='yes')
			{
				echo("Married: $married<br>Date Married:".$mday.$mmonth.$myear."<br>");
			}
			
			$message = "Thank you for registering $fname $lname.\nYour login information is as follows.\nUsername: $username\nPassword:$password\nWithin forty eight hours your account should be activated.\n       Thank you for your patience.\n\nIf you received this e-mail without registering at the site mentioned contact webmaster@chalkheadbaptist.com immediately.\nBy doing so we can take steps to make sure whatever error occurred is promptly fixed.";
			$to=$email;
			$subject="Thank you for registering at ChalkheadBaptist.com";
			$headers='From:webmaster@chalkheadbaptist.com'."\r\n".'Reply-To:webmaster@chalkheadbaptist.com'."\r\n";
			mail($to, $subject, $message, $headers);
		}

and logging in

Posted: Tue Sep 20, 2005 2:07 pm
by Charles256
If you have read this far you are probably a saint :-D

Code:

if ($_REQUEST['testing']=='true')
{
	$password=md5($_POST['password']);
	$username=strtolower($_POST['username']);
	$nresult=mysql_query("SELECT * FROM member WHERE Username='$username'");
	$row=mysql_fetch_object($nresult);
	if (mysql_num_rows($nresult) != '1' OR $password != $row->Password)
	{
	?>
	Invalid username or password, please try <a href="http://www.chalkheadbaptist.com/index.php?page=members">again.</a>
	<?php
	}
	else if ($row->Active=='0')
	{
		echo ("While your name is registered you have not been approved. As such you do not have access to any of our member functions yet. We apologize for any inconvenience.");
	}

Posted: Tue Sep 20, 2005 2:12 pm
by John Cartwright
I don't really have time right now to look over your code at the moment, but at a quick glance I see a few things you should probably change

Code:

$username=strtolower($_POST['username']);
You have not sanitized this variable, which is extremely dangerous, especially during log-ins.
You should ALWAYS sanitize every piece of input possible... never trust the user... EVER.

Code:

$username=strtolower(mysql_real_escape_string($_POST['username']));
Probably better to change your query to something like

Code:

$password=md5($_POST['password']);
    $username=strtolower(mysql_real_escape_string($_POST['username']));
    $nresult=mysql_query("SELECT * FROM member WHERE Username='$username' AND Password = '$password' LIMIT 1");
    if (mysql_num_rows($nresult))
    { 
            //now fetch the object
            $row=mysql_fetch_object($nresult);
Along with mysql_real_escape_string I would probably convert all input to html_entities() just in case they tried inserting malicious code.
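To make the point in John Cartwright's reply concrete, here is an added example that is not code from the thread. It runs the login query from Charles256's post, and John's single-query variant, against an in-memory SQLite table and shows what an unescaped username lets an attacker do in each, beside a parameterised query (the prepared-statement form of the protection the `mysql_real_escape_string()` call is meant to give). The `member` table, its four-column schema (`id`, `Username`, `Password`, `Active`), the account `charles` and both payloads are constructed for the demonstration; the site's real schema is not shown in the thread beyond the INSERT column list.

```python
"""Added example (not from the thread): the login query from the post above,
built by string splicing, run against an in-memory SQLite table beside a
parameterised version.  Table, schema, account and payloads are constructed
for the demonstration; the site's real schema is not shown in the thread."""
import hashlib
import sqlite3


def md5_hex(password: str) -> str:
    # Mirrors the thread's md5($password) so the logic matches the page.
    # An unsalted fast hash is not a suitable password store.
    return hashlib.md5(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one approved account, 'charles'."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE member (id INTEGER PRIMARY KEY, Username TEXT, "
        "Password TEXT, Active INTEGER)"
    )
    db.execute(
        "INSERT INTO member (Username, Password, Active) VALUES (?, ?, ?)",
        ("charles", md5_hex("s3cretpw"), 1),
    )
    db.commit()
    return db


def login_original(db, username, password):
    """Charles256's version: username spliced into the WHERE clause, then
    'num_rows != 1 OR hash mismatch' rejects.  The splice is the hole."""
    pw_hash = md5_hex(password)
    sql = ("SELECT Username, Password, Active FROM member "
           f"WHERE Username='{username.lower()}'")
    rows = db.execute(sql).fetchall()
    if len(rows) != 1 or rows[0][1] != pw_hash:
        return False
    return rows[0][2] == 1


def login_single_query_unescaped(db, username, password):
    """John Cartwright's 'Username=... AND Password=... LIMIT 1' form with
    the mysql_real_escape_string() call he pairs it with left out."""
    pw_hash = md5_hex(password)
    sql = ("SELECT Username, Password, Active FROM member "
           f"WHERE Username='{username.lower()}' AND Password='{pw_hash}' LIMIT 1")
    row = db.execute(sql).fetchone()
    return row is not None and row[2] == 1


def login_parameterised(db, username, password):
    """Hardened form: placeholders, so the driver binds the username as a
    value and quotes or comment markers in it never reach the SQL parser."""
    pw_hash = md5_hex(password)
    row = db.execute(
        "SELECT Username, Password, Active FROM member "
        "WHERE Username=? AND Password=? LIMIT 1",
        (username.lower(), pw_hash),
    ).fetchone()
    return row is not None and row[2] == 1


# Constructed payloads.  The first forges a result row whose Password column
# is the hash of a password the attacker knows, so the original's own hash
# comparison passes; the second comments out the AND Password=... test.
FORGED_ROW = f"x' UNION SELECT 'charles','{md5_hex('attacker')}',1 -- "
COMMENT_OUT = "charles' -- "


if __name__ == "__main__":
    db = make_db()
    print(login_original(db, FORGED_ROW, "attacker"))           # True
    print(login_single_query_unescaped(db, COMMENT_OUT, "x"))   # True
    print(login_parameterised(db, FORGED_ROW, "attacker"))      # False
    print(login_parameterised(db, COMMENT_OUT, "x"))            # False
    print(login_parameterised(db, "Charles", "s3cretpw"))       # True
```

`login_original` still compares the stored hash, but a UNION in the username lets the attacker supply the returned row, hash included, so the comparison passes against a hash of the attacker's choosing. John's `AND Password=` form, if the escape call is dropped, falls to `charles' -- `, which comments the password test out of the query. The parameterised version rejects both because the username is bound as a value and is never parsed as SQL. The example keeps the page's `md5()` only so the logic matches the thread; an unsalted fast hash is not an appropriate way to store passwords.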

Posted: Tue Sep 20, 2005 2:16 pm
by Charles256
Thanks for those tips. This is my first login/registration-type system, to be honest, so I appreciate all the feedback :-D
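John's second suggestion, entity-encoding what gets echoed back, addresses a different spot than the query: the registration page above re-echoes every submitted value into a `value="..."` attribute when the form is redisplayed, and it does so whether or not the `ereg("[^a-zA-Z0-9]", ...)` whitelist rejected the value. The following added example, not code from the thread, models that flow with a constructed payload and shows the attribute-escaped rendering beside the raw one. `html.escape(..., quote=True)` stands in for PHP's `htmlspecialchars()` with `ENT_QUOTES`; the field name and payload are constructed for the demonstration.

```python
"""Added example (not from the thread): the registration form above re-echoes
submitted values into value="..." attributes whether or not the whitelist
check passed.  This models that flow with a constructed payload and shows
attribute escaping beside the raw echo."""
import html
import re

# The thread's ereg("[^a-zA-Z0-9]", ...) whitelist.
NOT_ALNUM = re.compile(r"[^a-zA-Z0-9]")


def validate_username(value):
    """Returns the page's error text, or '' when the field passes."""
    if value == "":
        return "You didn't enter anything into this field, please enter something."
    if NOT_ALNUM.search(value):
        return "Please only enter letters and numbers."
    return ""


def render_field_raw(value):
    """As the posted form does: echo the value straight into the attribute."""
    return f'<input type="text" name="username" value="{value}">'


def render_field_escaped(value):
    """html.escape(quote=True) is the stand-in for PHP htmlspecialchars() with
    ENT_QUOTES: '&', '<', '>', '"' and "'" become entities, so the value can
    neither close the attribute nor open a tag."""
    return f'<input type="text" name="username" value="{html.escape(value, quote=True)}">'


def process_registration(posted_username, escape):
    """Mirror of the page flow: validate, then re-render the form with the
    submitted value so the user can correct it.  Rejecting the value does
    not stop it being echoed; only output escaping does."""
    error = validate_username(posted_username)
    render = render_field_escaped if escape else render_field_raw
    return error, render(posted_username)


def attribute_broken_out(markup):
    """True when the value escaped value="..." and started a new tag: a
    single well-formed input has exactly one '<' and one '>'."""
    return markup.count("<") > 1 or markup.count(">") > 1


# Constructed payload: closes the attribute and the tag, then injects a tag.
PAYLOAD = '"><script>alert(document.cookie)</script>'

if __name__ == "__main__":
    err, raw = process_registration(PAYLOAD, escape=False)
    print(err)   # the whitelist rejects it ...
    print(raw)   # ... but the payload is already in the page
    print(process_registration(PAYLOAD, escape=True)[1])
```

The same applies to the `$password`, `$fname`, `$lname` and `$email` fields the form echoes; validating on the way in and encoding on the way out are separate steps, and the posted code only does the first.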

Posted: Tue Sep 20, 2005 2:37 pm
by Weirdan
Jcart wrote: Post it here using [code] tags
500+ lines? Ahh... never mind... he's posted already