Jump to content

secure login?

baberlicious
 Share

Recommended Posts

baberlicious Newbie

baberlicious

Posted
Posted

I know i need something to guard against injection, but am unsure of what to use...  also are there any other holes in this script that you see???

 

for a page that you want to protect, you simply add these lines to the beginning of the page....

<?php
include "functions.php";

// secure(x) where x is the intended security level
secure(5);
?>

 

 

login.php

<?php 
require "functions.php";

if(!empty($_SESSION["loginerror"]))
  $err = $_SESSION["loginerror"];
else
    $err = "";

unset($_SESSION["loginerror"]);

if(isset($_POST['username']))
{
  include("database.php");

  $username = $_POST['username'];
  $password = $_POST['password'];

  $result = mysql_query("SELECT * FROM employee WHERE login = '$username' AND password = '$password'") 
    or die("Unable to verify user because : " . mysql_error());

if(mysql_num_rows($result) == 1)
{
  $_SESSION['phplogin'] = "logged";
$row = mysql_fetch_assoc ( $result );
mysql_query("UPDATE employee SET lastlogin=now() WHERE id=".$row['id'])
    or die(mysql_error());

$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['first_name']." ".$row['last_name'];
$_SESSION['user'] = $row['login'];
$_SESSION['seclev'] = $row['security_level'];

$topage="/system";
if(isset($_SESSION['referrer']))
{
    $topage = $_SESSION['referrer'];
	unset($_SESSION['referrer']);
}

  header('Location: '.$topage.'');
}
    
else
{
  $err = '<font color="red">Incorrect username / password.</font>' ;
}
}
?>

 

functions.php

 
<?php
session_start();

if($_SERVER["PHP_SELF"] != "/system/login.php")
{ 
  $_SESSION["referrer"] = $_SERVER["PHP_SELF"];
  if(!empty($_GET))
  $_SESSION["referrer"] .= "?".gets($_GET);
}

$reqseclev = 0;

function secure($level)
{
  $reqseclev = $level;
  if (!isset($_SESSION['phplogin']) || $_SESSION['phplogin'] !== "logged")
    {
      header('Location: /system/login.php'); 
      exit;
    }
  if($_SESSION["seclev"] < $reqseclev)
    {
      $_SESSION["loginerror"] = "<font color=\"red\">The current user does not have permission to view this page.</font>";
      header('Location: /system/login.php'); 
      exit;
    }
}

function gets($in)
{
  $tmp = "";
  foreach($in as $key => $value)
    $tmp .= "$key=$value&";
  $tmp = substr($tmp, 0, strlen($tmp)-1);
  return $tmp;
}
?>

Link to comment
Share on other sites
kbh43dz_u Newbie

kbh43dz_u

Posted
Posted

just escape every input with mysql_real_escape_string() and you will be fine!

 

I would not use 

...or die(mysql_error());

because it can give sensitive information to attackers. (Instead you could write all errors in a protected file, return your own error code which can help you to find the origin of the error (but not tell the attacker what he did wrong),... throw exceptions....)

 

 

kind regards

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.