jamesjw Posted April 23, 2007 Share Posted April 23, 2007 I have created a client access website for a company I work for with a the same login system used in two different directories in the same domain. If a user (client) logs in, they can access not only their content, but another client's content in another directory as well. It has something to do with the way the cookie is being set. This is obviously a major security issue that needs to be resolved. Note: The cookie's name is PHPSESSID, and I'm not sure how to change that. Here is the code: include_once("config.php"); include_once("lang/lang_".$lang.".php"); $pml_title = $site_name; include("htmltop.php"); include_once("connect.php"); if(isset($_SESSION['user_id'])) { header("Location: ".$afterlogin); }else{ if(isset($_COOKIE['user_id'])) { // Read cookie, make session $sql = "SELECT id,state,password,active FROM `".$db_tbl."` WHERE id='".$_COOKIE['user_id']."'"; $query = mysql_query($sql); $row = mysql_fetch_object($query); $id = htmlspecialchars($row->id); $status = htmlspecialchars($row->state); $dbpass = htmlspecialchars($row->password); $actief = htmlspecialchars($row->active); if($dbpass == $_COOKIE['user_password'] AND $actief == 2) { $_SESSION['user_id'] = $id; $_SESSION['uid'] = 0; $_SESSION['user_status'] = $status; ?> <script language="Javascript" type="text/javascript"> location.href='<?= $afterlogin ?>'; </script> <? }else{ echo $login_cookiefalse; setcookie("user_id", "", time() - 3600); setcookie("user_password", "", time() - 3600); } }else{ if(isset($_POST['submit'])) { // Login $sql = "SELECT id,name,password,state,active,cookie_pass FROM `".$db_tbl."` WHERE name='".$_POST['user']."'"; $query = mysql_query($sql); $count = mysql_num_rows($query); if($count == 1) { $row = mysql_fetch_object($query); $dbpass = htmlspecialchars($row->password); $userpass = md5($_POST['pass']); $cookiepass = htmlspecialchars($row->cookie_pass); $userid = htmlspecialchars($row->id); $userstatus = htmlspecialchars($row->state); $useractief = htmlspecialchars($row->active); if($dbpass == $userpass) { if($useractief == 1) { $_SESSION['user_id'] = $userid; $_SESSION['user_status'] = $userstatus; if($_POST['cookie'] == "do") { if($cookiepass == "") { $cookiecode = mt_srand((double)microtime()*100000); while(strlen($cookiecode) <= 10) { $i = chr(mt_rand (0,255)); if(eregi("^[a-z0-9]$", $i)) { $cookiecode = $cookiecode.$i; } } $sql = "UPDATE `".$db_tbl."` SET cookie_pass = '".$cookiecode."' WHERE name = '".$_POST['user']."' LIMIT 1"; mysql_query($sql); $cookiepass = $cookiecode; } setcookie("cookie_id", $userid, time() + 365 * 86400); setcookie("cookie_pass", $cookiepass, time() + 365 * 86400); } echo $loginsucces; ?> Many thanks in advance for the much needed assistance. Quote Link to comment Share on other sites More sharing options...
mpharo Posted April 23, 2007 Share Posted April 23, 2007 I would create another cookie variable and then when you are in the directories just do a check for that variable, if it is equal to 1 allow if 0 deny access... Quote Link to comment Share on other sites More sharing options...
jamesjw Posted April 23, 2007 Author Share Posted April 23, 2007 NM. I fixed this issue by placing session_name(" ") in the configuration file. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.