PHP login script, protection against injections and other


Hi, recently my login script has been PHP injected. Here is the script, and I don't know very much at all about PHP; I bought this script. Here it is:

[code]
<?php
if(isset($HTTP_POST_VARS['usern'])) {
  $usern = strip_tags($HTTP_POST_VARS['usern']);
  $passw = strip_tags($HTTP_POST_VARS['passw']);
  setcookie("Username",$usern);
  setcookie("Password",$passw);
  header("Location: member.php");
  exit();
}
require('dblogon.php');
require('std_l.php'); ?>
<center>
<?php
if(isset($_GET['error']) && $_GET['error']=="hl") {
  if(isset($_GET['data']) && is_numeric($_GET['data'])) {
    echo "Your account is in holiday mode, and cannot be accessed for another ".$_GET['data']." ticks.<br>\n";
  } else {
    echo "Your account is in holiday mode, and cannot be accessed.<br>\n";
  }
}
?>
<table border="0" cellpadding="2px" cellspacing="0" width="300px">
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php
if(isset($_GET['forget']) && $_GET['forget']==1) {
  echo "<tr><td>Email address</td><td><input type=\"text\" name=\"email\" maxlength=\"200\" class=\"sdinp\"></td></tr>\n";
  echo "<tr><td></td><td><input type=\"submit\" value=\"Recover\" class=\"sdbut\"></td></tr>\n";
} else if(isset($_POST['email'])) {
  $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$_POST['email']."' ", $db);
  if(mysql_num_rows($result)) {
    $retval = mysql_fetch_array($result);
    $msg = "Your account information is as follows:\n \n";
    $msg.= "Username: ".$retval['username']."\n";
    $msg.= "Password: ".$retval['password']."\n";
    mail($retval['email'],$title.": Account info",$msg,"From: $title");
    echo "<tr><td align=\"center\"><b>Your account information has been emailed to you!</b></td></tr>\n";
  } else { echo "<tr><td align=\"center\"><b>Account not found!</b></td></tr>\n"; }
} else {
  echo "<tr><td>Username</td><td><input type=\"text\" name=\"usern\" maxlength=\"50\" class=\"sdinp\"></td></tr>\n";
  echo "<tr><td>Password</td><td><input type=\"password\" name=\"passw\" maxlength=\"50\" class=\"sdinp\"></td></tr>\n";
  echo "<tr><td></td><td><input type=\"submit\" value=\"Log me in\" class=\"sdbut\"></td></tr>\n";
  echo "<tr><td colspan=\"2\">&nbsp;</td></tr>\n";
  echo "<tr><td colspan=\"2\" align=\"center\"><a href=\"login.php?forget=1\">[ forgotten password? ]</a></td></tr>\n";
}
?>
</form>
</table>
</center>
<?php require('std_r.php'); ?>
[/code]


Thanks. By the way, I'm a real "noob" at this, please help me someone, just maybe tell me what I can add to the code. Thanks

It's because you are using a posted variable directly in your query without sanitizing it.

[code]
$email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
[/code]

Crayon did.....

[quote author=Crayon Violent link=topic=118511.msg484311#msg484311 date=1166043224]
[code]
$email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
[/code]
[/quote]
Sorry about that :( but where do I put it? Do I overwrite the current section? Can you show me a before and after of that section?

*EDIT*
[code]
echo "<tr><td>Email address</td><td><input type=\"text\" name=\"email\" maxlength=\"200\" class=\"sdinp\"></td></tr>\n";
echo "<tr><td></td><td><input type=\"submit\" value=\"Recover\" class=\"sdbut\"></td></tr>\n";
$email = mysql_real_escape_string($_POST['email']);
$result = mysql_query("SELECT email,username,password FROM userinf WHERE email='$email' ", $db);
[/code]

Should that section look like that? And that's it? That's all I need to do to stop the PHP or MySQL injections?

The section you have that looks like this:

[code]
<?php
} else if(isset($_POST['email'])) {
  $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$_POST['email']."' ", $db);
  if(mysql_num_rows($result)) {
?>
[/code]

Make it look like

[code]
<?php
} else if(isset($_POST['email'])) {
  $email = mysql_real_escape_string(trim($_POST['email']));
  $result = mysql_query("SELECT email,username,password FROM userinf WHERE email='".$email."' ", $db);
  if(mysql_num_rows($result)) {
?>
[/code]

You're taking out anything that can be harmful to a SQL query prior to your query itself.

Just make sure you don't use the <?php and ?> like I do (that helps with color coding PHP in the forum).

Well, nothing is ever 100%. There's really no way we could begin to give you an honest security assessment without looking at your script from top to bottom, and even everything else on your server, including the setup itself - which we don't really do... but simple things like this will keep most of the little script kiddies at bay.
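Added example, not part of the thread or of the purchased script: the same email lookup written with a PDO prepared statement (the `mysql_*` functions used above were removed in PHP 7), next to the concatenated form. It assumes the `pdo_sqlite` extension and a constructed, cut-down `userinf` table in in-memory SQLite; the function names are hypothetical.

```php
<?php
// Constructed sample data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userinf (email TEXT, username TEXT)");
$db->exec("INSERT INTO userinf VALUES ('alice@example.com', 'alice')");
$db->exec("INSERT INTO userinf VALUES ('o''brien@example.com', 'obrien')");

// 'Before' pattern from the thread: the posted value becomes part of the SQL text.
// (hypothetical helper name)
function lookup_concatenated(PDO $db, string $email): ?array {
    try {
        $sql = "SELECT email,username FROM userinf WHERE email='" . $email . "'";
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ?: null;
    } catch (PDOException $e) {
        // A quote inside the value ended the string literal early, so the
        // remainder of the input was parsed as SQL and the statement failed.
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return null;
    }
}

// 'After' pattern: the SQL text is fixed and the value travels separately as a
// bound parameter, so no escaping step can be forgotten or applied to the wrong variable.
// (hypothetical helper name)
function lookup_prepared(PDO $db, string $email): ?array {
    $stmt = $db->prepare("SELECT email,username FROM userinf WHERE email = :email");
    $stmt->execute([':email' => trim($email)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Constructed input: a legitimate address that happens to contain a single quote.
$input = "o'brien@example.com";

var_dump(lookup_concatenated($db, $input)); // value was interpreted as SQL
var_dump(lookup_prepared($db, $input));     // value was treated purely as data
```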