Login System

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

pcoder
Forum Contributor
Posts: 230
Joined: Fri Nov 03, 2006 5:19 am

Login System

Post by pcoder »

Hi,
It is really very difficult to develop a secure login system.
I have made one login system; with the help of this forum I want to check whether it is secure or
not. I have posted all the related code. Is there any possibility for SQL injection? If not, what will be the best method
to make it more secure?
 

Code:

<?php
// Assumes session_start() and the PIS.Logger class are loaded elsewhere
if($_SERVER['REQUEST_METHOD']=="POST"){
    // Raw user input from the login form
    $usrname = $_POST['myuserid'];
    $password = trim($_POST['mypassword']);
    using('PIS.Logger');
    $objLogger = new Logger;
    // Looks up the user row by username (see login() below)
    $objLogger->login($usrname);
    $data = $objLogger->dbFetchArray(1);
    if(isset($data['USR_NAME']) && $data['USR_NAME'] == $usrname){
        // Plaintext comparison of the stored password against the submitted one
        if(isset($data['PWD']) && $data['PWD'] == $password){
            if(isset($data['STATUS']) && $data['STATUS'] == 'E'){
                $_SESSION['privillage'] = $data['PREVILAGE'];
                _Redirect("content/personnel_detail.php?List&tm=1");
            }
            else{
                $_SESSION['err_msg'] = 'User Disabled';
            }
        }
        else{
            $_SESSION['err_msg'] = 'Password Mismatch';
        }
    }
    else{
        $_SESSION['err_msg'] = 'Invalid Username';
    }
}
?>
--------------------------------------------------------------------------------------------
    // $uid is concatenated straight into the SQL string
    function login($uid){
        $sql = "SELECT usr_name,pwd,status,PREVILAGE FROM usr WHERE USR_NAME='".$uid."'";
        //echo $sql;
        return  $this->dbQueryReturn($sql);
    }
 
 
 

feyd | Please use [code], [/code], and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.
Last edited by pcoder on Sun Nov 02, 2008 3:13 am, edited 5 times in total.
Zu
Forum Commoner
Posts: 33
Joined: Wed Dec 06, 2006 4:21 am

Post by Zu »

What would happen if, say, $uid contained:

Code:

evil_user'; DROP TABLE usr;--
mysql_real_escape_string()
pcoder
Forum Contributor
Posts: 230
Joined: Fri Nov 03, 2006 5:19 am

Post by pcoder »

It displays the invalid username message.
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

Sure, it will display an invalid error; however, the point is that SQL code can be injected into the query string unless you, at minimum, pass all input through mysql_real_escape_string() and trim().
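As an added example (not pcoder's code and not part of the original thread), here is the login() method rewritten so that the username is passed as a bound parameter of a prepared statement instead of being concatenated into the query, and the stored password is checked with password_verify() rather than the plaintext `==` comparison in the posted code. The SafeLogger class name, the in-memory SQLite database, the users and passwords in the fixture, and the combined "Invalid Username or Password" message are assumptions made for a self-contained demo; the column names follow the thread's query. It runs with the PHP CLI and the pdo_sqlite extension.

```php
<?php
// Added example, not the thread's code: parameterised login() plus hashed
// password check. SafeLogger, the SQLite fixture and its users are assumptions.
declare(strict_types=1);

final class SafeLogger
{
    private PDO $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    // Same columns as the thread's query, but $uid is a bound parameter:
    // the driver sends it separately from the SQL text, so it can never be
    // parsed as SQL regardless of quotes or semicolons it contains.
    public function login(string $uid): ?array
    {
        $stmt = $this->db->prepare(
            'SELECT usr_name, pwd, status, PREVILAGE FROM usr WHERE usr_name = :uid'
        );
        $stmt->execute([':uid' => $uid]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }

    // Replaces the plaintext `$data['PWD'] == $password` check: pwd holds a
    // password_hash() digest and password_verify() compares in constant time.
    public function authenticate(string $uid, string $password): string
    {
        $data = $this->login($uid);
        // Verify against a throwaway hash when the user is unknown so the
        // response time does not reveal whether the username exists.
        $hash = $data !== null ? $data['pwd'] : password_hash('dummy', PASSWORD_DEFAULT);
        $ok = password_verify($password, $hash);
        if ($data === null || !$ok) {
            return 'Invalid Username or Password'; // one message for both failures
        }
        if ($data['status'] !== 'E') {
            return 'User Disabled';
        }
        return 'OK';
    }
}

// Constructed fixture: in-memory SQLite with one enabled and one disabled user.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE usr (usr_name TEXT PRIMARY KEY, pwd TEXT, status TEXT, PREVILAGE TEXT)');
$ins = $db->prepare('INSERT INTO usr VALUES (:u, :p, :s, :r)');
$ins->execute([':u' => 'alice', ':p' => password_hash('correct horse', PASSWORD_DEFAULT), ':s' => 'E', ':r' => 'admin']);
$ins->execute([':u' => 'bob',   ':p' => password_hash('hunter2', PASSWORD_DEFAULT),       ':s' => 'D', ':r' => 'user']);

$auth = new SafeLogger($db);

// The input Zu proposed. Concatenated into the thread's query it would end the
// string literal and start a second statement; bound as a parameter it is just
// a username that matches no row, and the table survives.
$payload = "evil_user'; DROP TABLE usr;--";
var_dump($auth->login($payload));                          // NULL
echo $auth->authenticate('alice', 'correct horse'), "\n";  // OK
echo $auth->authenticate('alice', 'wrong'), "\n";          // Invalid Username or Password
echo $auth->authenticate('bob', 'hunter2'), "\n";          // User Disabled
echo $auth->authenticate($payload, 'x'), "\n";             // Invalid Username or Password
var_dump($db->query('SELECT COUNT(*) FROM usr')->fetchColumn()); // still 2 rows
```

mysql_real_escape_string() is the minimum for the old mysql extension John refers to; that extension was removed in PHP 7, and prepared statements (PDO or mysqli) are the standard way to keep data out of the SQL grammar in current PHP. The single failure message in authenticate() also drops the username/password distinction the posted code leaks through its separate 'Invalid Username' and 'Password Mismatch' errors.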