
How to get rid of database password?


divadiva


I am stuck on a very weird problem. If someone can help me out of this misery I will be grateful to you guys. I have not written this code; I am just modifying it.

 

Here is the process: I have a login screen. The login screen asks you to enter a username and password. Once you have entered the username and password, mysql_connect is used to make the connection. If the username and password match the ones present in the database, you are logged into the system.

 

The system has a report section which creates reports from the data in the database. It has one generic password encoded in MySQL's `mysql` database. If anybody wants to view a report, he/she has to enter that MySQL password. I want to get rid of that generic password.

 

I have done something, but it doesn't solve my password problem: I have created session variables for the username and password, and also a function "checkUserExists" which checks and matches that username and password against the database. Can anybody suggest how to get rid of that generic password? I will be thankful to you.

 

Here is the entire code. My apologies for pasting entire pages, but without pasting the entire code it would not have made any sense:

 

Database connection page:

 

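function checkUserExists()
{
	// Re-validates the logged-in session against the `users` table: counts the
	// rows whose username/password equal $_SESSION['user'] / $_SESSION['password']
	// (both written by verify() from the matching users row) and returns that
	// count, printing an access-denied notice when it is zero.
	// NOTE(review): $_SESSION['password'] holds the value stored in
	// `users`.`password`, so this is a plaintext stored-credential comparison;
	// the session would better carry only the user identity. The caller contract
	// (truthy count = allowed) is kept unchanged here.
	global $globvars; extract($globvars) ;

	// Escape both values before they are placed in SQL text instead of
	// interpolating them verbatim; a missing session key becomes ''.
	$user = isset($_SESSION['user']) ? mysql_real_escape_string($_SESSION['user']) : '';
	$pass = isset($_SESSION['password']) ? mysql_real_escape_string($_SESSION['password']) : '';
	$resource = mysql_query("select count(*) as user_count from users where username = '" . $user . "' and password = '" . $pass . "'");

	// A failed query (false) previously reached mysql_fetch_array() and returned
	// null; treat it as "no matching user" so the result is always a count.
	$arr = $resource ? mysql_fetch_array($resource) : false;
	$user_count = $arr ? $arr['user_count'] : 0;

	if(!$user_count)
		echo "<b>You do not have access to this page.</b>";

	return $user_count;
}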

function opendb() {
	// Opens the MySQL link and selects the configured database. Stores the link in
	// $GLOBALS['link'], the database name in $GLOBALS['db'] and the account that
	// was actually used in $globvars['dblog']; dies on failure.
	// The settings $dbnam, $dbhst, $dbsup, $dbusr, $dbpss and $super_pass are
	// imported from $globvars by extract(). 'super_pass' is requested through
	// globvars(), i.e. it may arrive from POST, GET, session or cookie; when it is
	// non-empty it is decoded with sp_code() and tried first as the $dbsup
	// account, with the normal $dbusr/$dbpss account as the fallback.
	globvars('super_pass');
	global $globvars; extract($globvars) ;
	$GLOBALS['db'] = $dbnam ;
	$GLOBALS['link'] = '' ;

	$link = false ;
	$account = null ;
	if($super_pass) {
		// supadmin login attempt
		$link = mysql_connect( $dbhst , $dbsup , sp_code($super_pass,'d') ) ;
		$account = $dbsup ;
	}
	if(! $link) {
		// normal login (also the fallback when the supadmin attempt failed)
		$link = mysql_connect( $dbhst , $dbusr , $dbpss ) ;
		$account = $dbusr ;
	}
	$GLOBALS['link'] = $link ;
	if (! $link) die("Error: Failed to open MySQL");
	$globvars['dblog'] = $account ;

	mysql_select_db($GLOBALS['db']) or die("Error: Failed to open database" );
}

function globvars() {
	// For each argument name, copies the first matching request value into the
	// global $globvars array, consulting $_POST, then $_GET, then $_SESSION, then
	// $_COOKIE; a name found nowhere is stored as "". Scalar values pass through
	// globclean() and trim(); array values are stored untouched.
	// Returns false when called without arguments, otherwise nothing.
	// NOTE(review): since the query string and cookies are accepted as sources,
	// every name requested here (opendb() asks for 'super_pass') can be supplied
	// by the client, and callers then extract($globvars) into local scope.
	global $_SESSION ;
	global $globvars;
	if (func_num_args() == 0 ) {
		return false;
	}

	$sources = array($_POST, $_GET, $_SESSION, $_COOKIE);
	foreach (func_get_args() as $name) {
		$value = "" ;
		foreach ($sources as $source) {
			if ( ! isset($source[$name]) ) {
				continue;
			}
			$value = is_array($source[$name]) ? $source[$name] : globclean("$source[$name]");
			break;
		}
		$globvars[$name] = is_array($value) ? $value : trim($value) ;
	}
}
function sp_code($sp,$ac) {
	// Reversible obfuscation of $sp. With $ac 'e' each character becomes its code
	// point minus the current day of the month, joined by '|'; with 'd' that is
	// reversed. Any other $ac, an 'e' input that already contains '|', or a 'd'
	// input without '|' returns $sp unchanged.
	// NOTE(review): the offset is date('d'), so a value encoded on one day does
	// not decode to the original on a later day. This is not encryption: the
	// transform is trivially invertible from the output alone.
	$shift = (int) date('d');

	if(($ac == 'e') && !substr_count($sp,'|')) {
		$parts = array();
		for($i=0;$i<strlen($sp);$i++) {
			$parts[] = ord($sp[$i]) - $shift ;
		}
		return implode('|', $parts) ;
	}

	if(($ac == 'd') && substr_count($sp,'|')) {
		$chars = array();
		foreach(explode('|',$sp) as $code) {
			$chars[] = chr($code + $shift) ;
		}
		return implode('', $chars) ;
	}

	return $sp ;
}

 

Here is the code that calls opendb():

 


  <%*/
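globvars('username','password','do');
global $globvars; extract($globvars) ;
// NOTE(review): globvars() runs before session_start(), so on this request its
// $_SESSION fallback sees no session data and the three names above come from
// POST, GET or cookie only. The order is kept to preserve that precedence.
session_start(); 
$globvars['session_id'] = session_id();

// Host and page name are read from $_SERVER directly. The register_globals-era
// $HTTP_HOST / $PHP_SELF copies that were consulted first are not populated on
// any supported PHP, and request data must not be able to pre-define them.
$globvars['host'] = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

// basename() also strips the leading '/' of a script served from the document
// root ('/index.php'); the previous strrpos() test was false-y at offset 0 and
// left it in place.
// NOTE(review): PHP_SELF carries any client-supplied PATH_INFO suffix, so the
// name is still request-influenced; SCRIPT_NAME would be stricter, but is not
// switched here because `pages`.`filename` lookups may depend on this value.
$page = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
$globvars['page'] = basename($page);

opendb();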

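function verify($filename) {
	// Establishes the login state for the page $filename and records it in
	// $globvars['login'] (keys user, email, message, types, pages, name; all reset
	// to null first). Three paths in priority order: ?do=logout clears the stored
	// session token; ?do=login checks the submitted credentials and stores the
	// session token and last-login time; otherwise an existing `session` match
	// re-validates the user. Nothing happens when $filename is empty or has no
	// row in `pages`.
	//
	// $do, $username, $password and $session_id arrive through extract($globvars)
	// (see globvars(): POST, GET, session or cookie), so each is escaped with
	// mysql_real_escape_string() before it is placed in SQL text; $filename is
	// escaped for the same reason. The logic otherwise unchanged still compares
	// the password in plaintext with `users`.`password` and copies that stored
	// value into $_SESSION; moving to password_hash()/password_verify() would
	// need a schema change and is outside this fix.
	global $globvars; extract($globvars) ;
	$stamp = date("Y-m-d H:i:s");
	$globvars['login']['user'] = null ;
	$globvars['login']['email'] = null ;
	$globvars['login']['message'] = null ;
	$globvars['login']['types'] = null ;
	$globvars['login']['pages'] = null ;
	$globvars['login']['name'] = null ;

	// Values imported by extract() may be absent; treat absent as empty.
	$do = isset($do) ? $do : '' ;
	$username = isset($username) ? $username : '' ;
	$password = isset($password) ? $password : '' ;
	$session_id = isset($session_id) ? $session_id : '' ;

	if(!$filename) {
		return;
	}

	$string = "SELECT * FROM `pages` WHERE `filename` = '" . mysql_real_escape_string($filename) . "'";
	$query= mysql_query($string);
	if(!mysql_num_rows($query)) {
		return;
	}
	$t_row = mysql_fetch_array($query);
	$utallow = $t_row['user_types'];
	$sql_session_id = mysql_real_escape_string($session_id);

	if( ( $do == 'logout' ) && $session_id ) {
		$string = "UPDATE `users` SET `session` = '' WHERE `session` = '$sql_session_id' LIMIT 1";
		mysql_query($string);
		$globvars['login']['message'] = 'You are logged out';
	}

	elseif($do=='login') {
		if($username && $password) {
			// check user (plaintext comparison, see header note)
			$sql_username = mysql_real_escape_string($username);
			$sql_password = mysql_real_escape_string($password);
			$string = "SELECT * FROM `users` WHERE `username` = '$sql_username' AND `password` = '$sql_password'";
			$check = mysql_query($string);
			if(mysql_num_rows($check)) {
				// user found: bind the current session id to the account
				$u_row = mysql_fetch_array($check);
				$string = "UPDATE `users` SET `session` = '$sql_session_id', `lastlogin` = '$stamp' WHERE `username` = '$sql_username' LIMIT 1";
				mysql_query($string);
				// one-year cookie holding the username (its consumer is not visible here)
				setcookie("username", $username, time()+60*60*24*365);
				$globvars['login']['message'] = 'Welcome ' . $u_row['forename'] . ' ' . $u_row['surname'] . ', you are logged in.' ;
				$globvars['login']['user'] = $u_row['username'] ;
				$_SESSION['user'] = $u_row['username'];
				$_SESSION['password'] = $u_row['password'];
				$globvars['login']['name'] = $u_row['forename'] . ' ' . $u_row['surname']  ;
				$globvars['login']['email'] = $u_row['email'] ;
				// run cleanup
				cleanup();
				// check user types
				getutype($utallow,$u_row['utypes']) ;
			}
			else {
				$globvars['login']['message'] = 'Error: Invalid username or password' ;
			}
		}
		else {
			$globvars['login']['message'] = 'Error: Enter username and password' ;
		}
	}

	elseif($session_id) {
		// check if already logged in: exactly one row may carry this session id
		$string = "SELECT * FROM `users` WHERE `session` = '$sql_session_id'";
		$check = mysql_query($string);
		if(mysql_num_rows($check)==1) {
			$u_row = mysql_fetch_array($check);
			$globvars['login']['user'] = $u_row['username'] ;
			$_SESSION['user'] = $u_row['username'];
			$_SESSION['password'] = $u_row['password'];
			$globvars['login']['name'] = $u_row['forename'] . ' ' . $u_row['surname']  ;
			$globvars['login']['email'] = $u_row['email'] ;
			// check user types
			getutype($utallow,$u_row['utypes']) ;
		}
	}
}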

function getutype($utallow,$utypes) {
	// Records the user's type list in $globvars['login']['types'] when the page
	// permits it. $utallow is the page's comma-separated list of permitted types
	// (empty/falsy means every user is allowed); $utypes is the user's
	// comma-separated type list. The key is left untouched when none of the
	// permitted types appears in $utypes.
	global $globvars;

	if(!$utallow) {
		// page open to all users
		$globvars['login']['types'] = $utypes ;
		return;
	}

	$have = explode(',', (string) $utypes);
	foreach (explode(',',$utallow) as $want) {
		// exact token match only ('01' must not satisfy '1')
		if ( $want && in_array($want, $have, true) ) {
			$globvars['login']['types'] = $utypes ;
			return;
		}
	}
}



 

 
