
username and password


eerikk2


So I found a tutorial online on how to make a login form. I got it to work. However, I am trying to make it find usernames and passwords from a MySQL database.

This is the tutorial: http://www.phpjabbers.com/phpexample.php?eid=23

The first part of the tutorial is where it holds the usernames and passwords. I was wondering how I can make this find usernames and passwords from my MySQL database.

This is my code:

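<?php 
$con = mysql_connect("localhost", "root","");
if(!$con){
die('Could not connect to Database: '. mysql_error());
}
mysql_select_db("test", $con);
// load every username => password pair from the users table into $USERS
$USERS = array();
$results=mysql_query ("SELECT * FROM users");
while ($row=mysql_fetch_array($results)){
    $USERS[$row['username']] = $row['password'];
}
function check_logged(){ 
     // $_SESSION is a superglobal, only $USERS needs the global keyword
     global $USERS; 
     if(!isset($_SESSION["logged"]) || !array_key_exists($_SESSION["logged"],$USERS)) { 
          header("Location: index.php"); 
          exit; // stop the protected page from running after the redirect
     } 
} 
?>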


You should actually query the database for a matching record upon logging the user in. eg;

 

$uname = mysql_real_escape_string($_POST['uname']);
$upass = md5($_POST['upass']);
$sql = "SELECT uname FROM users WHERE uname = '$uname' && upass = '$upass'";
if ($result = mysql_query($sql)) {
  if (mysql_num_rows($result)) {
    // user found, log them in
  } else {
    // user not found
  }
} else {
  // query failed
}

 

The logic you have posted doesn't make a lot of sense.

I haven't looked at the tutorial, but given your description, I would drop it.

 

Once a user is verified to exist, you simply store a flag within the $_SESSION array. eg;

 

session_start();
$uname = mysql_real_escape_string($_POST['uname']);
$upass = md5($_POST['upass']);
$sql = "SELECT uname FROM users WHERE uname = '$uname' && upass = '$upass'";
if ($result = mysql_query($sql)) {
  if (mysql_num_rows($result)) {
    $_SESSION['logged'] = true;
  } else {
    // user not found
  }
} else {
  // query failed
}

 

You can then use this $_SESSION variable on any page to check if a user is logged in.

 

session_start();
if (isset($_SESSION['logged'])) {
  // user is logged in
} else {
  // user is not logged in
}

// Initialize session data
session_start();
// clean user input and store it within variables for easy access.
$uname = mysql_real_escape_string($_POST['uname']);
// hash the inputted password.
$upass = md5($_POST['upass']);
// create a query that will search for a user matching the given name & password
$sql = "SELECT uname FROM users WHERE uname = '$uname' && upass = '$upass'";
// execute the query.
if ($result = mysql_query($sql)) {
  // check to see if any results were found
  if (mysql_num_rows($result)) {
    // we have a match. store the boolean true within the $_SESSION array.
    $_SESSION['logged'] = true;
  } else {
    // user not found
  }
} else {
  // query failed
}

It's a big mistake to get user AND pass and check only mysql_num_rows.

As we know, '1'='1' will always return true. In most cases, post 1=1, etc... as login and password, and the query will return true, 1 row, and you will probably pass login.

I may have explained it not so well, but sorry for bad English ^_^

 

$sql=mysql_query("SELECT * FROM users WHERE username='$username'");
if(mysql_num_rows($sql) > 0)
{
$row=mysql_fetch_array($sql);
if($password === $row['password'])
{
// Set session
// redirect him
}
else
{
//error
}
}
else
{
//wrong username or password (we know the user doesn't exist, but won't show it)
}

 

In this example I also mean your info is already protected and you are not using register_globals=on, as it is vulnerable too =)

Are you storing your passwords as md5 hashes?

No, I'm not. I don't know how to do that, so I just took that part out.

As for

It's a big mistake to get user AND pass and check only mysql_num_rows.

As we know, '1'='1' will always return true. In most cases, post 1=1, etc... as login and password, and the query will return true, 1 row, and you will probably pass login.

I may have explained it not so well, but sorry for bad English ^_^

I don't get what you mean.

If a user were to type in just a username, they could get in?

Do that: md5($var);

A hacker can specify information to pass login and get inside.

Example: I know your username, I type your username and as password I specify 1=1, etc... and then the password will be true)

The script will receive the information and you are logged in.

 

OK, so I got md5($var); to work, but what is the other guy talking about?

 


Since the data being put into the query is being escaped (which it needs to be in all cases anyway), it is not possible to inject sql that would bypass the username/password check and this off track discussion about it is not relevant.

So what you're saying is the login script will be safe as long as I have my password encrypted with md5?

OK, thank you, so my login should be safe. I appreciate your help. Oh, and one more thing: how could I, if the password or username is wrong or if they left one blank, redirect them back to the login page with an error message rather than having them have to hit the back button?
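
Added example, not part of the thread and not written by any of its participants: the login check discussed above with the username bound as a query parameter instead of interpolated into the SQL string, a salted `password_hash()` value instead of `md5()`, and the redirect-with-error asked about in the last post. The `uname`/`upass` columns follow the replies; the in-memory SQLite database (requires `pdo_sqlite`), the `members.php` target, the `error=1` parameter and the sample credentials are assumptions made so the script runs on its own.

```php
<?php
// Added example: login check with a prepared statement and password_hash().
// Table contents, page names and credentials below are constructed for the demo.

function attempt_login(PDO $db, string $uname, string $upass): bool
{
    // The username is bound as a parameter, so it is never parsed as SQL.
    $stmt = $db->prepare('SELECT upass FROM users WHERE uname = ?');
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();

    // fetchColumn() returns false when no row matched the username.
    return $hash !== false && password_verify($upass, $hash);
}

function login_redirect(bool $ok): string
{
    // On failure send the browser back to the form with an error flag
    // (members.php and error=1 are hypothetical names).
    return $ok ? 'Location: members.php' : 'Location: index.php?error=1';
}

// In-memory SQLite stands in for the MySQL "users" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (uname TEXT PRIMARY KEY, upass TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: one valid login, the '1'='1' strings from the thread,
// and a blank form.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', "' OR '1'='1"],
    ["alice' OR '1'='1", 'x'],
    ['', ''],
];
foreach ($attempts as [$u, $p]) {
    $ok = attempt_login($db, $u, $p);
    printf("%-20s %-16s %s\n", $u, $p, login_redirect($ok));
}
```

In the form handler itself, call `session_start()`, set `$_SESSION['logged'] = true` only when `attempt_login()` returns true, pass the returned string to `header()` and `exit` immediately afterwards. Only the first attempt yields the `members.php` redirect; the other three go back to `index.php?error=1`, where the form can show a generic "wrong username or password" message.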

Archived

This topic is now archived and is closed to further replies.
