Ethical Hacking
Posted: Tue Sep 20, 2005 1:16 pm
by Charles256
We got any of those in here? Slightly curious if my login script is secure and well wanted to know if anyone was interested in giving it a go.

Let me know if you are, either PM me or post in here and I'll PM you with the site.

I'd post the link in here but don't want it to be seen as advertising or anything like that.
Posted: Tue Sep 20, 2005 1:23 pm
by John Cartwright
Read this thread as to why we cannot do that.
Edit| Forgot to post link

Posted: Tue Sep 20, 2005 1:36 pm
by Charles256
Now that, my friends, is communism at its best... okay.. anyone willing to read through 500 lines of code to look for security holes? LOL. I've looked myself but, well, second opinions never hurt.

Posted: Tue Sep 20, 2005 1:41 pm
by hawleyjr
500 lines of code for a login validation....?
Why not post your login code here and then list some concerns you may have.
Posted: Tue Sep 20, 2005 1:41 pm
by Weirdan
Post a link to your source code (don't post the code itself on forums, it's hard to read when it's 30+ lines or so), maybe there're enthusiasts, who knows.
Posted: Tue Sep 20, 2005 1:46 pm
by Charles256
it's actually login/registration

and when I get home I'll post the code on a site and color it pretty and everything so it's easy to read:-D
Posted: Tue Sep 20, 2005 1:59 pm
by John Cartwright
Roja wrote: Any attempts across network is against both US law and international law.
Charles256 wrote: now that my friends is communism at its best...
How is this communism..
Charles256 wrote: it's actually login/registration and when I get home I'll post the code on a site and color it pretty and everything so it's easy to read:-D
Post it here using
Posted: Tue Sep 20, 2005 2:01 pm
by Charles256
They're taking away my right to ask for someone to hack me? :-D It should be my choice! That, and I use the word communism whenever I am frustrated..

here is the registration page
Posted: Tue Sep 20, 2005 2:03 pm
by Charles256
Code:
Please enter all of the requested information. Fields that are required the field name will be
<font color="#FF0000"> red </font>. All other fields are optional. All users will have to be
approved before they can login. When you are approved an e-mail will be sent to you with your username
and password. <br>
<Br>
<form method="post" action="http://www.chalkheadbaptist.com/index.php?page=members&register=yes&procregister=yes">
<table>
<tr>
<td>
<font color="#FF0000">Username</font>:</td>
<td>
<input type="text" name="username" value="<?php echo ("$username") ?>">
</td>
<td><font color="#990099"> <?php echo ($usernamee) ?>
</font></td>
</tr>
<tr>
<td>
<font color="#FF0000">Password</font>:</td>
<td>
<input type="password" name="password" value="<?php echo($password) ?>">
</td>
<td><font color="#990099"> <? echo ($passworde) ?>
</font></td>
</tr>
<tr>
<td>
<font color="#FF0000">First Name</font>:
</td>
<td>
<input type="text" name="fname" value="<?php echo($fname) ?>">
</td>
<td><font color="#990099"> <? echo ($fnamee) ?>
</font></td>
</tr>
<tr>
<td>
<font color="#FF0000">Last Name</font>:
</td>
<td>
<input type="text" name="lname" value="<?php echo($lname) ?>">
</td>
<td><font color="#990099"> <? echo ($lnamee) ?>
</font></td>
</tr>
<tr>
<td>
<font color="#FF0000">E-Mail Address</font>:
</td>
<td>
<input type="text" name="email" value="<?php echo($email) ?>">
</td>
<td> <font color="#990099"><? echo ($emaile) ?>
</font></td>
</tr>
<tr>
<td>
<font color="#FF0000">Birthday</font>:
</td>
<td>
<select name="day">
<?php
if ($day!='')
{
$i=1;
while ($i<13)
{
echo ("<option value='$i'");
if ($day==$i)
{
echo (" selected");
}
echo (">$i");
$i++;
}
}
else
{
$i=1;
while ($i<13)
{
echo ("<option value='$i'>$i");
$i++;
}
}
?>
</select>
<select name="month">
<?php
if ($month!='')
{
$i=1;
while ($i<33)
{
echo ("<option value='$i'");
if ($month==$i)
{
echo (" selected");
}
echo (">$i");
$i++;
}
}
else
{
$i=1;
while ($i<33)
{
echo ("<option value='$i'>$i");
$i++;
}
}
?>
</select>
<select name="year">
<?php
if ($year!='')
{
$i=1900;
while ($i<2005)
{
echo ("<option value='$i'");
if ($year==$i)
{
echo (" selected");
}
echo (">$i");
$i++;
}
}
else
{
$i=1900;
while ($i<2005)
{
echo ("<option value='$i'>$i");
$i++;
}
}
?>
</select>
</td>
<td> </td>
</tr>
<tr>
<td>
<font color="#FF0000">Are you married?
</font></td>
<td>
<?php
if ($married!='')
{
echo ("<input type='radio' name='married' value='$married' checked>$married");
}
else
{
?>
<input type="radio" name="married" value="yes">Yes
<br>
<input type="radio" name="married" value="no" checked>No
<?php
}
?>
</td>
<td> </td>
</tr>
<tr>
<td>
When were you married?
</td>
<td>
<select name="mday">
<?php
if ($mday!='')
{
$i=1;
while ($i<13)
{
echo ("<option value='$i'");
if ($mday==$i)
{
echo (" selected");
}
echo (">$i");
$i++;
}
}
else
{
$i=1;
while ($i<13)
{
echo ("<option value='$i'>$i");
$i++;
}
}
?>
</select>
<select name="mmonth">
<?php
if ($mmonth!='')
{
$i=1;
while ($i<33)
{
echo ("<option value='$i'");
if ($mmonth==$i)
{
echo (" selected");
}
echo (">$i");
$i++;
}
}
else
{
$i=1;
while ($i<33)
{
echo ("<option value='$i'>$i");
$i++;
}
}
?>
</select>
<select name="myear">
<?php
if ($myear!='')
{
$i=1900;
while ($i<2005)
{
echo ("<option value='$i'");
if ($myear==$i)
{
echo (" selected");
}
echo (">$i");
$i++;
}
}
else
{
$i=1900;
while ($i<2005)
{
echo ("<option value='$i'>$i");
$i++;
}
}
?>
</select>
</td>
<td> </td>
</tr>
<tr>
<td align="right">
<input type="submit" name="register" value="register">
</td>
</tr>
</table>
</form>
the login page
Posted: Tue Sep 20, 2005 2:03 pm
by Charles256
Code:
Welcome. Below enter the user name and password you registered with.
<form name="login" action="index.php?page=members&testing=true" method="post">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" name="username">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>
<input type="submit" name="login" value="login">
</td>
</tr>
</table>
</form>
<table border="1" bordercolor="#000000">
<tr>
<td>
<a href="http://www.chalkheadbaptist.com/index.php?page=members&register=yes">Not Registered? Sign up!</a>
</td>
<td bordercolor="#000000">
Forgot your password?
</td>
</tr>
</table>
processing the registration
Posted: Tue Sep 20, 2005 2:06 pm
by Charles256
Code:
{
$username=strtolower($_POST['username']);
$password=$_POST['password'];
$upassword=md5($password);
$lname=$_POST['lname'];
$fname=$_POST['fname'];
$day=$_POST['day'];
// zero-pad single-digit values only (10 must stay "10", not "010")
if ($day < 10 )
{
$day='0'.$day;
}
$month=$_POST['month'];
if ($month < 10 )
{
$month='0'.$month;
}
$year=$_POST['year'];
$married=$_POST['married'];
$mday=$_POST['mday'];
if ($mday < 10 )
{
$mday='0'.$mday;
}
$mmonth=$_POST['mmonth'];
if ($mmonth < 10 )
{
$mmonth='0'.$mmonth;
}
$myear=$_POST['myear'];
$email=strtolower($_POST['email']);
$error='false';
if (empty($username))
{
$usernamee="You didn't enter anything into this field, please enter something.";
$error='true';
}
$name=mysql_fetch_object($result);
if ($username==$name->Username)
{
$usernamee="That username is already taken, please try another one.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $username))
{
$usernamee="Please only enters letters and numbers.";
$error='true';
}
if (empty($password))
{
$passworde="You didn't enter anything into this field, please enter something.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $password))
{
$passworde="Please only enters letters and numbers.";
$error='true';
}
if (empty($fname))
{
$fnamee="You didn't enter anything into this field, please enter something.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $fname))
{
$fnamee="Please only enters letters and numbers. For example leave out your middle name. ";
$error='true';
}
if (empty($lname))
{
$lnamee="You didn't enter anything into this field, please enter something.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $lname))
{
$lnamee="Please only enters letters and numbers. For example, exclude your title. I.E.- Jr.";
$error='true';
}
if (empty($email))
{
$emaile="You didn't enter anything into this field, please enter something.";
$error='true';
}
if ( !eregi('^[-a-z0-9!#$%&\'*+/=?^_<{|}~]+(\.[-a-zA-Z0-9!#$%&\'*+/=?^_<{|}~]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z0-9-]{2,}$', $email) ) {
$emaile = "Please enter a valid E-mail address.";
// an invalid address must also block the INSERT below
$error='true';
}
if ($email==$name->Email)
{
$emaile="Someone else is all ready using that e-mail address.";
$error='true';
}
}
Actual insertion into the database if they pass error checking
Code:
if ($error=="false")
{
$sql=mysql_query("INSERT INTO member(Username, Password, Fname, Lname, Email, Bday, Married, Dmarried) VALUES ('$username','$upassword','$fname','$lname','$email','".$day.$month.$year."','$married','".$mday.$mmonth.$myear."')");
?>
Congratulations, you have successfully registered. Your registration information is as follows. Unfortunatly, you're account will have to be activated before you can log in. Save the information from this page for future reference.<br>
<br>
<?php
echo (" Username: $username <br> Password: $password <br> First Name: $fname <br>
Last Name: $lname <br> E-Mail Address: $email <br> Birthday:".$day.$month.$year."<br>");
if ($married=='no')
{
echo("Married: $married");
}
if ($married=='yes')
{
echo("Married: $married<br>Date Married:".$mday.$mmonth.$myear."<br>");
}
$message = "Thank you for registering $fname $lname.\nYour login information is as follows.\nUsername: $username\nPassword:$password\nWithin forty eight hours your account should be activated.\n Thank you for your patience.\n\nIf you recieved this e-mail without registering at the site mentioned contact webmaster@chalkheadbaptist.com immediatly.\nBy doing so we can take steps to make sure whatever error occurred is promptly fixed.";
$to=$email;
$subject="Thank you for registering at ChalkheadBaptist.com";
$headers='From:webmaster@chalkheadbaptist.com'."\r\n".'Reply-To:webmaster@chalkheadbaptist.com'."\r\n";
mail($to, $subject, $message, $headers);
}
and logging in
Posted: Tue Sep 20, 2005 2:07 pm
by Charles256
if you have read this far you are probably a saint
Code:
if ($_REQUEST['testing']=='true')
{
$password=md5($_POST['password']);
$username=strtolower($_POST['username']);
$nresult=mysql_query("SELECT * FROM member WHERE Username='$username'");
$row=mysql_fetch_object($nresult);
if (mysql_num_rows($nresult) != '1' OR $password != $row->Password)
{
?>
Invalid username or password, please try <a href="http://www.chalkheadbaptist.com/index.php?page=members">again.</a>
<?php
}
else if ($row->Active=='0')
{
echo ("While your name is registered you have not been approved. As such you do not have access to any of our member functions yet. We apologize for any inconvience.");
}
Posted: Tue Sep 20, 2005 2:12 pm
by John Cartwright
I don't really have time right now to look over your code at the moment, but at a quick glance I see a few things you should probably change
Code:
$username=strtolower($_POST['username']);
You have not sanitized this variable, which is extremely dangerous especially during log-ins.
You should ALWAYS sanitize every piece of input possible.. never trust the user.. EVER
Code:
$username=strtolower(mysql_real_escape_string($_POST['username']));
Probably better to change your query to something like
Code:
$password=md5($_POST['password']);
$username=strtolower(mysql_real_escape_string($_POST['username']));
$nresult=mysql_query("SELECT * FROM member WHERE Username='$username' AND Password = '$password' LIMIT 1");
if (mysql_num_rows($nresult))
{
//now fetch the object
$row=mysql_fetch_object($nresult);
Along with mysql_real_escape_string I would probably convert all input to html_entities() just in case they tried inserting malicious code
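The two points raised in the post above (keep user input out of the SQL text, encode it before it is echoed into HTML), carried through with current PHP APIs as an added example that is not code from the thread; the mysql_* functions used in the thread were removed in PHP 7. Assumptions: PDO's sqlite driver stands in for the MySQL server, the member table is cut down, the sample data is constructed, check_login() and field() are hypothetical helper names, and md5() is swapped for password_hash()/password_verify(), a change the thread does not discuss.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO's sqlite driver
// stands in for MySQL; the member table is cut down to three columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member (Username TEXT PRIMARY KEY, Password TEXT, Active INTEGER)');

// Constructed sample accounts. password_hash() salts and stretches the
// password, which the bare md5() used in the thread does not.
$ins = $db->prepare('INSERT INTO member (Username, Password, Active) VALUES (?, ?, ?)');
$ins->execute(['charles', password_hash('Sample-pass1', PASSWORD_DEFAULT), 1]);
$ins->execute(['pending', password_hash('Sample-pass2', PASSWORD_DEFAULT), 0]);

// Hypothetical helper: returns 'ok', 'inactive' or 'invalid'.
function check_login(PDO $db, string $username, string $password): string
{
    // The placeholder keeps the username out of the SQL text entirely,
    // so quote characters in it cannot alter the statement.
    $stmt = $db->prepare('SELECT Password, Active FROM member WHERE Username = ?');
    $stmt->execute([strtolower($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One answer for "no such user" and "wrong password", as in the thread.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return 'invalid';
    }
    return ((int) $row['Active'] === 1) ? 'ok' : 'inactive';
}

// Hypothetical helper: encode a value before echoing it into value="...".
function field(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a normal login, an unapproved account, a wrong
// password, and a username containing a quote character.
$attempts = [['Charles', 'Sample-pass1'], ['pending', 'Sample-pass2'],
             ['charles', 'wrong'], ["o'brien", 'x']];
foreach ($attempts as [$user, $pass]) {
    printf("%-10s %s\n", $user, check_login($db, $user, $pass));
}

// Redisplaying a submitted value on the registration form.
echo '<input type="text" name="username" value="', field('a"><b>'), '">', "\n";
```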
Posted: Tue Sep 20, 2005 2:16 pm
by Charles256
Thanks for those tips. This is my first login/registration type system to be honest so I appreciate all the feedback :-D
Posted: Tue Sep 20, 2005 2:37 pm
by Weirdan
Jcart wrote: Post it here using [code] tags
500+ lines? Ahh... nevermind... he's posted already