post query authentication [theory]

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

stakes
Forum Commoner
Posts: 48
Joined: Tue Jun 12, 2007 12:05 pm

post query authentication [theory]

Post by stakes »

OK, the deal is I have a private messaging system. Now, through the "message.php" file a message is called with ?id=$messageid.

Messages are stored in MySQL and have the following fields.

id
author (int)
reciever (int)
message
timestamp

When a user logs into the system, he gets $_SESSION['userId'] = the user's id from the SQL table.

So to make sure you can only access messages that you are "allowed" to, I'm first running the query.

SELECT * from messages where id=$id

THEN

I run the $_SESSION['userId'] to check if they are either an AUTHOR or RECIEVER of the message; if this equals true, I print out the message.

So to the point now. Is it potentially unsafe to actually run the SELECT * query and then authenticate? Would it be safer to run something like:

SELECT author, reciever * ....

and then

SELECT message

?

Just a bit concerned that my current solution will be unsafe.

Thanks for any advice

Daniel
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

What's wrong with

Code:

select * from messages
   where id=$id and $user_id in (author, receiver)

where $id and $user_id are properly prepared, e.g. converted to int.
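The two approaches discussed in this thread, written out as an added example (not code posted by either participant): the query-level check that stereofrog suggests, the fetch-then-check version from the original post, and a message.php entry point that uses the first one. The table and column names (messages, id, author, receiver, message, timestamp) and the $_SESSION['userId'] layout follow the thread; the PDO connection details are placeholders. With the authorization in the WHERE clause, a message that does not exist and a message the user is not allowed to read both come back as "no row", so the caller cannot tell them apart and the script does not leak which ids exist.

```php
<?php
// Added example, not from the original thread.
// Assumes a MySQL table `messages` (id, author, receiver, message, timestamp)
// and $_SESSION['userId'] holding the logged-in user's id, as described in the thread.
declare(strict_types=1);

/**
 * Approach A (suggested in the thread): authorization is part of the query.
 * A non-existent id and an id the user may not read both yield null.
 */
function loadMessageForUser(PDO $pdo, int $messageId, int $userId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, author, receiver, message, timestamp
           FROM messages
          WHERE id = :id AND :uid IN (author, receiver)'
    );
    // Bound as integers: no string interpolation of request data into SQL.
    $stmt->bindValue(':id', $messageId, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * Approach B (the original post): fetch the row, then check ownership in PHP.
 * Equivalent in outcome, but every code path that outputs the row must go
 * through the check below; forgetting it once exposes other users' messages.
 */
function loadMessageThenCheck(PDO $pdo, int $messageId, int $userId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT id, author, receiver, message, timestamp FROM messages WHERE id = :id'
    );
    $stmt->bindValue(':id', $messageId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Authorization after the fetch.
    if ((int) $row['author'] !== $userId && (int) $row['receiver'] !== $userId) {
        return null;
    }
    return $row;
}

// --- message.php entry point (assumed layout) ---
session_start();
if (!isset($_SESSION['userId'])) {
    http_response_code(403);
    exit;
}

// Reject anything that is not an integer before it reaches the database.
$messageId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($messageId === false || $messageId === null) {
    http_response_code(400);
    exit;
}

// Placeholder DSN and credentials; replace with the application's own.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

$msg = loadMessageForUser($pdo, $messageId, (int) $_SESSION['userId']);
if ($msg === null) {
    // Same response whether the id is unknown or belongs to someone else.
    http_response_code(404);
    exit;
}

// Escape on output so message bodies cannot inject HTML into the page.
echo htmlspecialchars($msg['message'], ENT_QUOTES, 'UTF-8');
```

Approach A is the one to prefer: the authorization rule lives in one place next to the data access, and the same prepared statement also removes the SQL injection risk that `where id=$id` carries when $id comes straight from the query string.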
stakes
Forum Commoner
Posts: 48
Joined: Tue Jun 12, 2007 12:05 pm

Post by stakes »

If only I knew SQL better... hehe

Thanks!