My authentication - is there possible dangerous code?
Posted: Fri Oct 31, 2008 5:41 am
Here is my authentication class.
I was just wondering if there aren't any highly seen and unknown to me possible security holes.
I was just wondering if there aren't any highly seen and unknown to me possible security holes.
Code: Select all
class authentication {
var $mysql;
function __construct($mysql) {
$this->mysql = $mysql;
}
function authentication() {
global $smarty, $l;
if (empty($_SESSION['authentication'])) {
$smarty->display(TEMPLATE_DIR.'/backend/admin.login.tpl');
if (!empty($_POST) and empty($_POST['user_username'])) {
$smarty->assign('error', $l['username_field_left_empty']);
} else if (!empty($_POST) and empty($_POST['user_password'])) {
$smarty->assign('error', $l['password_field_left_empty']);
} else if (!empty($_POST)) {
$result = $this->mysql->query_one_result("SELECT COUNT(*) FROM `gcms_user`
WHERE `user_username`='".$this->mysql->escape($_POST['user_username'])."'
AND `user_password`='".$this->mysql->escape($this->secure($_POST['user_password']))."';");
if (empty($result)) {
$smarty->assign('error', $l['username_or_password_is_incorrect']);
} else {
$result = $this->mysql->query_one_result("SELECT `user_id` FROM `gcms_user`
WHERE `user_username`='".$this->mysql->escape($_POST['user_username'])."'
AND `user_password`='".$this->mysql->escape($this->secure($_POST['user_password']))."';");
// Setting session
$_SESSION['authentication'] = $result;
// [int setting cookie]
if (isset($_POST['remember'])) {
setcookie("cookie_username", $_POST['user_username'], time()+3600);
setcookie("cookie_password", $this->secure($_POST['user_password']), time()+3600);
}
header('Location: admin.php');
}
}
exit;
} else if (!empty($_SESSION['authentication']) and isset($_GET['logout'])) {
$this->logout();
}
}
function check_authentication() {
if (empty($_SESSION['authentication']) and (!empty($_COOKIE['cookie_username']) and !empty($_COOKIE['cookie_password']))) {
$result = $this->mysql->query_one_result("SELECT COUNT(*) FROM `gcms_user`
WHERE `user_username`='".$this->mysql->escape($_COOKIE['cookie_username'])."'
AND `user_password`='".$this->mysql->escape($this->secure($_COOKIE['cookie_password']))."';");
if (empty($result)) {
$smarty->assign('error', $l['username_or_password_is_incorrect']);
} else {
$result = $this->mysql->query_one_result("SELECT `user_id` FROM `gcms_user`
WHERE `user_username`='".$this->mysql->escape($_COOKIE['cookie_username'])."'
AND `user_password`='".$this->mysql->escape($this->secure($_COOKIE['cookie_password']))."';");
// Setting session
$_SESSION['authentication'] = $result;
}
} else if (!empty($_SESSION['authentication'])) {
$result = $_SESSION['authentication'];
return $result;
} else {
return FALSE;
}
}
function logout() {
unset($_SESSION['authentication']);
setcookie("cookie_username", NULL);
setcookie("cookie_password", NULL);
header('Location: '.BASE_URL);
}
// Used so that it would be easier later to change encode method.
function secure($data) {
return md5($data);
}
}