
Only checks for one admin!


daveoffy


I have this code


<?php
include 'config.php';
$qry = "SELECT * FROM `user` WHERE a_min ='1'";
$result = mysql_query($qry);
while ($row = mysql_fetch_array($result)) {
    $am_un = $row['username'];
    $username = $_COOKIE['username'];
    // exit() runs on the first admin row whose username differs from the cookie,
    // so the loop never gets to compare the cookie against every admin
    if ($am_un != $username) {
        exit();
    }
}
?>


It only checks 1 admin; the query run in an SQL browser showed both users, but this only checks the last one.

https://forums.phpfreaks.com/topic/160367-only-checks-for-one-admin/

You are checking it against the cookie; is that to restrict users from accessing the script?

If it's to show the staff, just remove the cookie comparison.

Also, mysql_fetch_array returns both associative and numerically indexed arrays, so it wastes memory in the server's RAM.

Use mysql_fetch_assoc(); or mysql_fetch_row();

<?php
include 'config.php';
$qry = "SELECT * FROM user WHERE a_min = 1 ";
$result = mysql_query($qry);
// collect every admin username first, then do a single membership test
$admins = array();
while ($row = mysql_fetch_assoc($result)) {
    $admins[] = $row['username'];
}
$username = $_COOKIE['username'];
if (!in_array($username, $admins)) {
    exit();
}
?>


Is that what you are trying to do?

One of the points of using a database is so that you only need to access the data you are interested in. If you are trying to find out if a value is present in the database, don't retrieve all the rows and compare them with the value; put the value comparison into the query and see if there is a matching row.

 

Your method of storing the username in a cookie and using that to determine who is an administrator is insecure. All anyone would need to do is provide your site with a cookie that has been set to the username of an administrator (which is fairly easy to find or guess) and they would become that administrator.

What do you suggest to make a more secure way?

The cookie should contain a unique and hard to guess/reverse engineer identifier that is different for each member - http://us.php.net/manual/en/function.uniqid.php

 

The unique id is then stored in your user table and is used to identify the visitor.

That would be the first thing a hacker would try when he sees an md5 value being used. That would also be a static/fixed value that once someone else got a hold of it, they could impersonate the actual visitor as long as the value remained the same.

 

By using the unique id, you can regenerate it at regular intervals (every time someone logs in or even on every page visit) to help prevent someone from hijacking the cookie and impersonating the actual visitor.

Because an md5() value is alphanumeric, multiplying an md5() value by a number will only use any leading numeric digits of the value. You won't get a lot of variation from the md5() part of the expression and if the leading digits happen to be zero or alpha only, the resulting value will be a zero. The result of this will always be a numeric value and it is easy to write code to iterate through a range of numeric values.

 

You won't be able to produce a function that is better at generating unique and hard to guess ids than the code shown on the php uniqid page in the manual.
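As an added example (not code from anyone in this thread), here is the approach the replies describe put together: a random per-login token in the cookie instead of the username, stored hashed in the user table, and an admin check that lets the query do the comparison. It assumes PHP 7.3+, a PDO connection $pdo provided by config.php, and a hypothetical auth_token column alongside the poster's username and a_min columns.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+, a PDO
// connection $pdo defined in config.php, and a hypothetical auth_token
// column in the `user` table next to username and a_min.
include 'config.php'; // assumed to define $pdo

function issueLoginToken(PDO $pdo, string $username): string {
    // 32 random bytes -> 64 hex chars. Regenerated on every login, so a
    // copied cookie stops working the next time the real user logs in.
    $token = bin2hex(random_bytes(32));
    // Store only a hash: a leaked table row cannot be turned into a cookie.
    $stmt = $pdo->prepare('UPDATE `user` SET auth_token = :h WHERE username = :u');
    $stmt->execute([':h' => hash('sha256', $token), ':u' => $username]);
    setcookie('auth', $token, [
        'httponly' => true,   // not readable from page JavaScript
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    return $token;
}

function isAdminRequest(PDO $pdo): bool {
    $token = $_COOKIE['auth'] ?? '';
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return false; // missing or malformed cookie is never an admin
    }
    // One bound parameter, at most one row back: no loop over every admin,
    // so the exit()-inside-the-loop mistake from the first post cannot occur.
    $stmt = $pdo->prepare(
        'SELECT 1 FROM `user` WHERE auth_token = :h AND a_min = 1 LIMIT 1'
    );
    $stmt->execute([':h' => hash('sha256', $token)]);
    return $stmt->fetchColumn() !== false;
}

// In a protected script:
if (!isAdminRequest($pdo)) {
    http_response_code(403);
    exit();
}
```

Call issueLoginToken() only after the password has been verified; the cookie then identifies the session rather than naming the account.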

Archived

This topic is now archived and is closed to further replies.
