RedInjection Posted November 6, 2015 Share Posted November 6, 2015 (edited) Hello all, I have made a script that does what I want but I am asking are there any flaws in my coding that I am missing in terms of security? * When a user registers by default the table sets the column status to pending * The key generated is a random 5 character string with a mixture of Uppercase and Numbers // IF username is missing from URL then redirect if ( empty($_GET['username']) ) { redirect_to("register.php"); } // IF key is missing from URL then redirect if ( empty($_GET['key']) ) { redirect_to("register.php"); } // SQL Query $sql = "SELECT * from users WHERE username = '{$_GET['username']}'"; $result = $mysqli->query($sql); $row = $result->fetch_assoc(); if ( $row['status'] == 'pending' ) { if ( $_GET['key'] == $row['activation'] ) { $sql = "UPDATE users SET status='enabled' WHERE username='{$_GET['username']}' LIMIT 1"; $result = $mysqli->query($sql); $sql = "UPDATE users SET activation='' WHERE username='{$_GET['username']}' LIMIT 1"; $result = $mysqli->query($sql); echo 'Your account is now <font color=green><strong>ACTIVE</strong></font>'; } } if ( $_GET['key'] != $row['activation'] ) { redirect_to("register.php"); } Thanks for your feedback! I hope I done okay as I am learning Edited November 6, 2015 by RedInjection Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted November 6, 2015 Share Posted November 6, 2015 any flaws in my coding that I am missing in terms of security? Yes you are not sanitizing your user input values. If you don't do this then your code is open to SQL Injection attacks. You can use mysqli_real_escape_string to sanitize your values. But as you are using mysqli then you should be using prepared statememts. Why the two update queries here? $sql = "UPDATE users SET status='enabled' WHERE username='{$_GET['username']}' LIMIT 1"; $result = $mysqli->query($sql); $sql = "UPDATE users SET activation='' WHERE username='{$_GET['username']}' LIMIT 1"; $result = $mysqli->query($sql); You only need to to have the one, you can set the values for both the status and activation columns in the same update query. $sql = "UPDATE users SET status='enabled', activation='' WHERE username='{$_GET['username']}' LIMIT 1"; $result = $mysqli->query($sql); Quote Link to comment Share on other sites More sharing options...
benanamen Posted November 6, 2015 Share Posted November 6, 2015 (edited) The key generated is a random 5 character string with a mixture of Uppercase and Numbers Show you code for the key generation. This is where one of your problems is. @Jaques1 has posted good information on how this should be done so I am not going to repeat it. Edited November 6, 2015 by benanamen Quote Link to comment Share on other sites More sharing options...
RedInjection Posted November 6, 2015 Author Share Posted November 6, 2015 function generateRandomString($length = 5) { $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $charactersLength = strlen($characters); $randomString = ''; for ($i = 0; $i < $length; $i++) { $randomString .= $characters[rand(0, $charactersLength - 1)]; } return $randomString; } This is my function - Is this ok? Quote Link to comment Share on other sites More sharing options...
benanamen Posted November 6, 2015 Share Posted November 6, 2015 (edited) No, it is not ok, Delete that whole function and read the post from Jaques1 here http://forums.phpfreaks.com/topic/298729-forgotten-password/?hl=%2Bopenssl_random_pseudo_bytes&do=findComment&comment=1523846 about http://php.net/manual/en/function.openssl-random-pseudo-bytes.php AND http://php.net/manual/en/function.mcrypt-create-iv.php Edited November 6, 2015 by benanamen Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.