[SOLVED] Client login tool to check for updates on cases.



Hello People,

    I have been working on this web function to allow users to login to view their cases.

I would like to see if I can get some feedback for this. (security, functionality, bugs)

 

 

 

Here is the backend for the admins.

http://71.98.29.80:8081/info/admin/tools/login.htm

 

username = test

Password = Password01

 

Here is the frontend for clients.

username =  test1

Password =  Password01

 

http://71.98.29.80:8081/info/user/login.htm

 

If you would like, I will post snippets of my code as well as my database layout.

 

Thank you,

Brett

 

P.S. I will be working on this, so if you see something change it's most likely me.

 

 

Link to comment
Share on other sites

DELETE command denied to user 'midaps'@'AMDX2' for table 'store'

 

http://71.98.29.80:8081/info/admin/tools/show.php?

 

When I clicked delete and didn't fill in the textbox, it gave me the error above.

 

Can't delete case

_______________________________________

http://71.98.29.80:8081/info/admin/tools/write.php?submit32=Add+New+Case

 

It told me I added a case when I didn't fill anything in.

 

When you go back to the show page it just shows a blank case with a case number.

 

 

Same thing happens when you add users with blank info.

 

Link to comment
Share on other sites

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\web\www\info\user\login.php on line 22

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in c:\web\www\info\user\login.php on line 24

 

Login Problem

You have entered and invalid name or password. Please press 'Try Again' to re-try.

 

When you enter a password or username that would create problems with the mysql query, it gives you that error since the query fails and the script tries to run a num_row check on it.... This tells me that you aren't correctly escaping data and if I felt like it I could sit here and figure out what your SQL query looks like and trick it into letting me login with incorrect data.

 

Edit: Forgot to tell you how to fix it... hehe

 

I suggest googling around and looking for tutorials/explanations of SQL injection.... Basically, characters like ' can be dangerous because if you have a query, SELECT * FROM table WHERE user = '{$_POST['username']}' AND password = '{$_POST['password']}', someone can enter bogus info.

 

For example, if someone entered ' OR 1 = 1;-- as the username, you can see what it would do to the query....

 

The best way to avoid this is to make sure you always clean variables before using them in a SQL query, using functions like addslashes() or mysql_real_escape_string().

Link to comment
Share on other sites

Ok guys I have been working on this login SQL injection.

 

How would I add in the magic quotes gpc?

 

Here is the code from my login page.

 

<?php
include 'dbopen.php';
include 'dbconnect.php';
//$ebits = ini_get('error_reporting');
//error_reporting($ebits ^ E_NOTICE);


$username = $_POST['username'];
$password = $_POST['password'];

$username = trim($username);
$password = trim($password);

if(($username == null) || ($password == null)) 
{
header("Location: login.htm");
exit; // stop here so the error page below is not rendered after the redirect
}
else
{
//$cUsername = crypt($username, false);
//include 'dbopen.php'
//include 'dbconnect.php'	



$sql = mysql_query("SELECT * FROM admin where password = '$password' and username = '$username'"); 
$num = mysql_num_rows($sql);
$sql2 = mysql_query("SELECT * FROM admin where password = '$password' and username = '$username' and secvalue = 1"); 
$num2 = mysql_num_rows($sql2);

if($num2 == 1)
{
	setcookie("user", $username, time()+600); 
	mysql_close($conn); 
	header("Location: lobby.php"); 
	exit; // stop here so the error page below is not rendered after the redirect
}
else if(($num == 1) && ($num2 == 0))
{
	$msg = ("You have not activated you account yet. Please do so before trying to log in.");
	mysql_close($conn); 
}
else
{
	$msg = ("You have entered and invalid name or password. Please press 'Try Again' to re-try.");
	//mysql_close(mysql_connect); 
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Login Problem</title>
<link rel="stylesheet" type="text/css" href="global.css" />
<script language="JavaScript" type="text/javascript">
<!--
function goBack() 
{
window.history.go(-1);
}
//-->
</script>
</head>
<body>
<center>
<h1>Login Problem</h1>
</center>
<p><?php echo($msg); ?></p>
<form>
<input type="button" value="Try Again!" onclick="goBack()" />
</form>

</body>
</html>

 

 

Now this is also making the cookie.  Is there an easy way of making this more secure?

 

Thank you,

Brett

Link to comment
Share on other sites
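
A hardened version of the login check discussed in this thread, as an added example that is not part of any post: it uses a PDO prepared statement instead of string interpolation and a server-side session instead of the `user` cookie. It assumes PHP 7.3 or later, placeholder database credentials, and that `admin.password` stores a `password_hash()` value rather than the plain password.

```php
<?php
// Added example, not the poster's code.
// Assumptions: PDO MySQL driver, placeholder DSN and credentials, and the
// admin.password column holding password_hash() output instead of plain text.

function check_login(PDO $pdo, string $username, string $password): string
{
    // Placeholders keep input such as ' OR 1 = 1;-- as data; it never becomes SQL.
    $stmt = $pdo->prepare(
        'SELECT password, secvalue FROM admin WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password'])) {
        return 'invalid';
    }
    return ((int) $row['secvalue'] === 1) ? 'ok' : 'inactive';
}

$username = trim($_POST['username'] ?? '');
$password = $_POST['password'] ?? '';
if ($username === '' || $password === '') {
    header('Location: login.htm');
    exit;
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4', // placeholder
    'EXAMPLE_USER',                                           // placeholder
    'EXAMPLE_PASSWORD',                                       // placeholder
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
     PDO::ATTR_EMULATE_PREPARES => false]
);

$result = check_login($pdo, $username, $password);
if ($result === 'ok') {
    // Keep identity server-side: the browser only holds a random session ID,
    // unlike setcookie("user", ...), whose value the client can edit freely.
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true);   // fresh ID at login (session fixation)
    $_SESSION['user'] = $username;
    header('Location: lobby.php');
    exit;
}
$msg = ($result === 'inactive')
    ? 'You have not activated your account yet.'
    : 'You have entered an invalid name or password.';
echo htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
```

With `display_errors` turned off on the live server, a failed query is logged rather than shown to the visitor, unlike the `mysql_num_rows()` warnings quoted earlier in the thread.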
