rofl90 Posted April 20, 2008

I think it might be using the boolean values. Also, I found out that cookies are apparently a header, is there any way to get around that.. The error it's giving me is: The username entered is incorrect. when it is.. also it just stops the rest of the html too.. could anybody take a look at it and tell me what I've done wrong.. including alternatives for the exit();'s.

forgot the code:

```php
<?php
if(isset($_POST['loginSubmit'])) {
    mysql_connect();
    mysql_select_db();
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password']);
    $check_us = mysql_num_rows(mysql_query("SELECT user FROM beta WHERE user='$user'"));
    if($check_us == "0") {
        $error_1 = true;
    }
    $check_pw = mysql_num_rows(mysql_query("SELECT password FROM beta WHERE password='$password'"));
    if($check_pw == "0") {
        $error_2 = true;
    }
    if($error_1) {
        echo "<p>The username entered is incorrect.</p>";
        if(!isset($_COOKIE['bf'])) {
            setcookie('bf', "1");
        } else {
            $new_cook = $_COOKIE['bf']++;
            $_COOKIE['bf'] == $new_cook;
        }
        exit();
    }
    if($error_2) {
        echo "<p>The password entered is incorrect.</p>";
        if(!isset($_COOKIE['bf'])) {
            setcookie('bf', "1");
        } else {
            $new_cook = $_COOKIE['bf']++;
            $_COOKIE['bf'] == $new_cook;
        }
        exit();
    }
    // Everythings ok, lets log em in.
    $_SESSION['uid'] = $username;
    $_SESSION['pwid'] = $password;
    echo "<p>Successful logon, we are redirecting you to your BETA Dashboard.</p>";
    exit();
} else {
    if($_COOKIE['bf'] >= "3") {
        setcookie('bfbk', 'y', time()+60*15);
    }
    if(isset($_COOKIE['bfbk'])) {
        echo "<p>Bruteforce protection activated. No Access allowed for 15 minutes. Your IP address has been logged.</p>";
        exit();
    }
?>
<form name="betaLogin" id="betaLogin" method="post" action="?">
    <fieldset><legend>Username:</legend>
        <input type="text" maxlength="28" name="username" id="username" class="textBox" />
    </fieldset>
    <fieldset><legend>Password:</legend>
        <input type="password" maxlength="28" name="password" id="password" class="textBox" />
    </fieldset>
    <fieldset>
        <legend>Login:</legend>
        <input type="submit" name="loginSubmit" id="login" class="submit" value="Login" />
    </fieldset>
</form>
<p>Your IP has been logged as <?php echo $_SERVER['REMOTE_ADDR']; ?> for security reasons. Attempting to get into somebody elses account will result in consequences.</p>
<?php } ?>
```

Link to comment: https://forums.phpfreaks.com/topic/102036-username-not-working-with-boolean-values-s/

dptr1988 Posted April 20, 2008

After quickly looking at your code I didn't see anything that was causing the username check not to work. But I do see one big problem. When you select the password from the database, it doesn't specify which user you are selecting the password from. If user1 has a password of 'password' and user2 has a password of 'this_here', then with your current code, you could enter the username of 'user1' and the password of 'this_here' and it would allow a login.

The username/password query should be like this:

```sql
SELECT username, userid, or_anything_else_you_need FROM beta WHERE user='$user' AND password='$password'
```
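
An added example (not code from any poster in this thread) of the check dptr1988 describes: the row is looked up by username and the password is verified against that same row, with the failure counter kept server-side instead of in a cookie the client controls. It assumes PDO with an in-memory SQLite database as a stand-in for the thread's MySQL `beta` table and `password_hash()`/`password_verify()` in place of `md5()`; the `failures` and `locked_until` columns, the function names and the sample accounts are constructed for illustration.

```php
<?php
// Added example; table columns, function names and accounts are constructed.
const MAX_FAILURES = 3;       // same threshold as the thread's cookie check
const LOCKOUT_SECONDS = 900;  // 15 minutes, as in the thread

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');  // stand-in for the MySQL connection
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE beta (user TEXT PRIMARY KEY, password TEXT,
        failures INTEGER DEFAULT 0, locked_until INTEGER DEFAULT 0)');
    $ins = $db->prepare('INSERT INTO beta (user, password) VALUES (?, ?)');
    $ins->execute(['user1', password_hash('password', PASSWORD_DEFAULT)]);
    $ins->execute(['user2', password_hash('this_here', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns 'ok', 'locked' or 'invalid'.
function attemptLogin(PDO $db, string $username, string $password, int $now): string {
    // Bind $username, the variable actually assigned; the posted queries use the unset $user.
    $q = $db->prepare('SELECT password, failures, locked_until FROM beta WHERE user = ?');
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'invalid';
    }
    if ((int)$row['locked_until'] > $now) {
        return 'locked';  // decided from server-side state, not a cookie
    }
    // The hash comes from this user's row, so another account's password fails.
    if (password_verify($password, $row['password'])) {
        $db->prepare('UPDATE beta SET failures = 0, locked_until = 0 WHERE user = ?')
           ->execute([$username]);
        return 'ok';
    }
    $failures = (int)$row['failures'] + 1;
    $lockedUntil = $failures >= MAX_FAILURES ? $now + LOCKOUT_SECONDS : 0;
    $db->prepare('UPDATE beta SET failures = ?, locked_until = ? WHERE user = ?')
       ->execute([$failures, $lockedUntil, $username]);
    return $lockedUntil ? 'locked' : 'invalid';
}

$db = makeDb();
$now = time();
echo attemptLogin($db, 'user1', 'this_here', $now), "\n";  // user2's password on user1
echo attemptLogin($db, 'user1', 'password', $now), "\n";   // correct pair
foreach (range(1, 3) as $i) {                               // three wrong guesses
    echo attemptLogin($db, 'user2', "guess$i", $now), "\n";
}
echo attemptLogin($db, 'user2', 'this_here', $now + 60), "\n";  // inside lockout window
```

Because the counter lives in the database, clearing or editing cookies does not reset it; only a successful login does.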

rofl90 (Author) Posted April 20, 2008

Thank you for pointing out that security exploit, but it still doesn't work.

dptr1988 Posted April 20, 2008

Could you post the updated code?

rofl90 (Author) Posted April 20, 2008

Sure:

```php
<?php
if(isset($_POST['loginSubmit'])) {
    mysql_connect();
    mysql_select_db("");
    $username = mysql_real_escape_string($_POST['username']);
    $password = md5($_POST['password']);
    $check_us = mysql_num_rows(mysql_query("SELECT user FROM beta WHERE user='$user'"));
    if($check_us == "0") {
        $error_1 = true;
    }
    $check_pw = mysql_num_rows(mysql_query("SELECT password FROM beta WHERE password='$password' AND user='$user'"));
    if($check_pw == "0") {
        $error_2 = true;
    }
    if($error_1) {
        echo "<p>The username entered is incorrect.</p>";
        if(!isset($_COOKIE['bf'])) {
            setcookie('bf', "1");
        } else {
            $new_cook = $_COOKIE['bf']++;
            $_COOKIE['bf'] == $new_cook;
        }
        exit();
    }
    if($error_2) {
        echo "<p>The password entered is incorrect.</p>";
        if(!isset($_COOKIE['bf'])) {
            setcookie('bf', "1");
        } else {
            $new_cook = $_COOKIE['bf']++;
            $_COOKIE['bf'] == $new_cook;
        }
        exit();
    }
    // Everythings ok, lets log em in.
    $_SESSION['uid'] = $username;
    $_SESSION['pwid'] = $password;
    echo "<p>Successful logon, we are redirecting you to your BETA Dashboard.</p>";
    exit();
} else {
    if($_COOKIE['bf'] >= "3") {
        setcookie('bfbk', 'y', time()+60*15);
    }
    if(isset($_COOKIE['bfbk'])) {
        echo "<p>Bruteforce protection activated. No Access allowed for 15 minutes. Your IP address has been logged.</p>";
        exit();
    }
?>
<form name="betaLogin" id="betaLogin" method="post" action="?">
    <fieldset><legend>Username:</legend>
        <input type="text" maxlength="28" name="username" id="username" class="textBox" />
    </fieldset>
    <fieldset><legend>Password:</legend>
        <input type="password" maxlength="28" name="password" id="password" class="textBox" />
    </fieldset>
    <fieldset>
        <legend>Login:</legend>
        <input type="submit" name="loginSubmit" id="login" class="submit" value="Login" />
    </fieldset>
</form>
<p>Your IP has been logged as <?php echo $_SERVER['REMOTE_ADDR']; ?> for security reasons. Attempting to get into somebody elses account will result in consequences.</p>
<?php } ?>
```

dptr1988 Posted April 20, 2008

You are not selecting any database when you use mysql_select_db(); and you are connecting to the mysql server using the default values from the php.ini. Double check that you are actually getting a mysql connection and select the correct database with mysql_select_db('database_name');

rofl90 (Author) Posted April 20, 2008

I just deleted that so nobody sees my mysql info

DarkWater Posted April 20, 2008

You see the $check_us and $check_pw lines in the if statements? Last I checked, mysql_num_rows returns an integer and not a string, so check for ($check_us == 0) not ($check_us == "0"). That might not be the problem, but give it a shot. And do it with the $check_pw check too.

This topic is now archived and is closed to further replies.