$username Posted June 21, 2007 Hello People, I have been working on this web function to allow users to login to view their cases. I would like to see if I can get some feedback for this (security, functionality, bugs). Here is the backend for the admins. http://71.98.29.80:8081/info/admin/tools/login.htm username = test Password = Password01 Here is the frontend for clients. username = test1 Password = Password01 http://71.98.29.80:8081/info/user/login.htm If you would like I will post snippets of my code as well as my database layout. Thank you, Brett P.S. I will be working on this, so if you see something change it's most likely me.
gabeg Posted June 21, 2007 There isn't much to test here, you are just displaying stuff from a database.
$username Posted June 22, 2007 Author You can add info and other stuff. Try it. Tell me what you think. If you have a hard time, let me know; I can tell you how to work it if it's too hard. Brett
brent123456 Posted June 22, 2007 DELETE command denied to user 'midaps'@'AMDX2' for table 'store' http://71.98.29.80:8081/info/admin/tools/show.php? When I clicked delete and didn't fill in the textbox it gave me the error above. Can't delete the case.

http://71.98.29.80:8081/info/admin/tools/write.php?submit32=Add+New+Case told me I added a case when I didn't fill anything in. When you go back to the show page it just shows a blank case with a case number. Same thing happens when you add users with blank info.
$username Posted June 22, 2007 Author Thanks. That is the stuff I like to know. Brett
source Posted June 23, 2007 Login is vulnerable to SQL injection.
$username Posted June 27, 2007 Author What commands did you use to do this "hack"? I would like to know how to stop it. Thank you, Brett
corbin Posted June 27, 2007

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\web\www\info\user\login.php on line 22
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\web\www\info\user\login.php on line 24
Login Problem You have entered and invalid name or password. Please press 'Try Again' to re-try.

When you enter a password or username that would create problems with the MySQL query, it gives you that error since the query fails and the script tries to run a num_rows check on it.... This tells me that you aren't correctly escaping data, and if I felt like it I could sit here and figure out what your SQL query looks like and trick it into letting me login with incorrect data.

Edit: Forgot to tell you how to fix it... hehe. I suggest googling around and looking for tutorials/explanations of SQL injection.... Basically, characters like ' can be dangerous because if you have a query, SELECT * FROM table WHERE user = '{$_POST['username']}' AND password = '{$_POST['password']}', someone can enter bogus info. For example, if someone entered ' OR 1 = 1;-- as the username, you can see what it would do to the query.... The best way to avoid this is to make sure you always clean variables before using them in a SQL query, using functions like addslashes() or mysql_real_escape_string().
$username Posted June 28, 2007 Author Thank you. I am actively looking at fixing this. I really appreciate your time on this. I will post when I think I have the solution. Thank you, Brett
$username Posted June 29, 2007 Author Ok guys, I have been working on this login SQL injection. How would I add in the magic quotes gpc? Here is the code from my login page.

<?php
include 'dbopen.php';
include 'dbconnect.php';   // defines $conn, the MySQL link used by mysql_close() below
//$ebits = ini_get('error_reporting');
//error_reporting($ebits ^ E_NOTICE);

$username = trim($_POST['username']);
$password = trim($_POST['password']);

if (($username == null) || ($password == null)) {
    header("Location: login.htm");
    exit; // without exit the rest of the page would still be sent after the redirect
} else {
    //$cUsername = crypt($username, false);
    // $username and $password are placed in the SQL string unescaped; this is the
    // injection point the thread is about.
    $sql  = mysql_query("SELECT * FROM admin where password = '$password' and username = '$username'");
    $num  = mysql_num_rows($sql);
    $sql2 = mysql_query("SELECT * FROM admin where password = '$password' and username = '$username' and secvalue = 1");
    $num2 = mysql_num_rows($sql2);

    if ($num2 == 1) {
        // activated account: remember the user in a plain cookie for 10 minutes
        setcookie("user", $username, time() + 600);
        mysql_close($conn);
        header("Location: lobby.php");
        exit;
    } else if (($num == 1) && ($num2 == 0)) {
        $msg = "You have not activated your account yet. Please do so before trying to log in.";
        mysql_close($conn);
    } else {
        $msg = "You have entered an invalid name or password. Please press 'Try Again' to re-try.";
        //mysql_close(mysql_connect);
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Problem</title>
<link rel="stylesheet" type="text/css" href="global.css" />
<script language="JavaScript" type="text/javascript">
<!--
function goBack() { window.history.go(-1); }
//-->
</script>
</head>
<body>
<center><h1>Login Problem</h1></center>
<p><?php echo($msg); ?></p>
<form>
<input type="button" value="Try Again!" onclick="goBack()" />
</form>
</body>
</html>

Now this is also making the cookie. Is there an easy way of making this more secure?
Thank you, Brett
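A hardened version of the login above, added here as an example (it is not Brett's code or anything posted in the thread), applying the fix corbin describes but with a prepared statement instead of escaping. It assumes PHP 7+ with mysqli (get_result() needs the mysqlnd driver), that the admin table's password column has been migrated to password_hash() output, and placeholder values for the database host, password and name.

```php
<?php
// Added example (not from the thread): hardened replacement for the posted login.
// Assumes PHP 7+ with mysqli and that admin.password now stores password_hash()
// output instead of plaintext (a schema change, not part of the original setup).
declare(strict_types=1);

function authenticate(mysqli $db, string $username, string $password): array
{
    // Parameterised query: the input never becomes part of the SQL text, so
    // a username like ' OR 1 = 1;-- is only a string to compare against.
    $stmt = $db->prepare('SELECT password, secvalue FROM admin WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Verify against a dummy hash for unknown users so response time does not
    // reveal which usernames exist.
    $hash = $row['password'] ?? password_hash('dummy', PASSWORD_DEFAULT);
    if ($row === null || !password_verify($password, $hash)) {
        return ['ok' => false, 'msg' => 'Invalid name or password.'];
    }
    if ((int) $row['secvalue'] !== 1) {
        return ['ok' => false, 'msg' => 'Account not activated yet.'];
    }
    return ['ok' => true, 'msg' => ''];
}

$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
if ($username === '' || $password === '') {
    header('Location: login.htm');
    exit; // header() alone does not stop the script
}

// Host, password and database name are placeholders, not values from the thread.
$db = new mysqli('DB_HOST_PLACEHOLDER', 'midaps', 'DB_PASSWORD_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
$result = authenticate($db, $username, $password);
$db->close();

if ($result['ok']) {
    // Server-side session instead of a plaintext "user" cookie a client can forge.
    session_start();
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    header('Location: lobby.php');
    exit;
}
$msg = htmlspecialchars($result['msg'], ENT_QUOTES, 'UTF-8'); // safe to echo in the page
```

The same message is returned for a wrong password and an unknown user, and the activation check happens only after the password verifies, so the login no longer reveals which usernames exist.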
$username Posted July 11, 2007 Author Ok I did fix the SQL injection. Thanks guys. When I get closer to some more progress I will repost. Thanks, Brett