Jump to content


Photo

Logging In TroubleSo I


  • Please log in to reply
2 replies to this topic

#1 dturnbull

dturnbull
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 13 May 2006 - 08:36 AM

So I have this Login Script, but the problem is I can only log into one of the test accounts. When i try the others the content after echo '<b>Logged in Successfully</b>'; doesn't appear.

Please Help.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]<?php

session_start(); // start session.

# Login Script
# WiiBuddies.com
include("header.html");
require_once("mysql.php");

$username = $_GET['username'];
$password = $_GET['password'];

$rs = mysql_query("select count(*) as count from user where username='$username' and password='$password'");

if (mysql_num_rows($rs) == 1)
{
echo '<b>Logged in Successfully</b>';

$logged = "SELECT id, username, password, friend_code, location, email, about FROM user";
$result = mysql_query($logged);

$query = "SELECT id, friend_code, username, email, location, about FROM user WHERE username='$username' AND password='$password'";
$result = mysql_query($query);

while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "<p><b>Change Username</b> <br />
<form action='change_username.php'><input name='hiddenField' type='hidden' name='id' value='{$row['id']}' />
New Username: <input type='text' name='changeusername'>
<input type='submit' value='Change Username'>
</form>
<p><u>Current Username</u><br /> {$row['username']}<p>" .


"<b>Change Friend Code</b> <br />
<form action='change_fc.php'>
<input type='text' name='changefc'>
<input type='submit' value='Change Friend Code'>
</form>
<p><u>Current Friend Code</u><br /> {$row['friend_code']}<p>" .


"<b>Change Email</b> <br />
<form action='change_email.php'>
<input type='text' name='changeemail'>
<input type='submit' value='Change E-Mail'>
</form>
<p><u>Current E-Mail</u><br /> {$row['email']}<p>" .


"<b>Change Location:</b><br />
<form action='change_location.php'>
<input type='text' name='changelocation'>
<input type='submit' value='Change Location'>
</form>
<p><u>Current Location</u><br />{$row['location']}<p>" .


"<b>Change About:</b><br />
<form action='change_username.php'>
<textarea name='changeabout' cols='60' rows='4'></textarea><br />
<input type='submit' value='Change About'>
</form>
<p><u>Current About Message</u><br /> {$row['about']}<p>";
}

}
else
{
echo 'password username did not match';
}
?>[/quote]

#2 .josh

.josh
  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 13 May 2006 - 08:48 AM

okay first off, never ever ever EVER input a $_GET variable directly into your sql query. that's just BEGGING someone to completely and utterly destroy your database. use method='post' in your form and do lots of things like stripslashes and stuff to the variables.

2nd: this:
$rs = mysql_query("select count(*) as count from user where username='$username' and password='$password'");
and this:
$query = "SELECT id, friend_code, username, email, location, about FROM user WHERE username='$username' AND password='$password'";
$result = mysql_query($query);

should be condensed into this (at the same place as the first one):
$rs = mysql_query("select * from user where username='$username' and password='$password'");

3rd: this:
$logged = "SELECT id, username, password, friend_code, location, email, about FROM user";
$result = mysql_query($logged);
needs to be removed altogether, as it serves no purpose whatsoever.

4th: .... you know what, you need to go look at the tutorials man. no offense, but there are just too many mistakes in your script. go find a login/user validation script tutorial. there are some in the tutorial sections.

Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 13 May 2006 - 09:49 AM

This is not wrong:
$query = "SELECT id, friend_code, username, email, location, about FROM user WHERE username='$username' AND password='$password'";
True that if your not doing anything else with your query except sending to mysql there's no use spending a variable on it, but specifying all columns is not wrong...
The general consensus is that using * is slower.

I also have to recommend a tutorial, the script is clumbsy and you've missed some of the basics, like proper use of mysql_query(). Always halt your script if a query fails, it fails for a reason. Use "or die()" and "mysql_error()".

Secondly, this script will fall victim to database injection if published.
How?
Just open open an url like this:
scriptfilename.php?username=someuser&password=whatever' OR 1=1 AND username ='someuser

This will create a pretty query like this:
[!--sql--][div class=\'sqltop\']SQL[/div][div class=\'sqlmain\'][!--sql1--][span style=\'color:blue;font-weight:bold\']SELECT[/span] id, friend_code, username, email, location, about FROM user WHERE username='someuser' AND password='whatever' OR 1=1 AND username ='someuser' [!--sql2--][/div][!--sql3--]

Since 'OR' has a higher precedence than 'AND', this query would get me logged in without knowing someusers' password!

Also, if I'd like, I could drop a table or two:
scriptfilename.php?username=someuser&password=whatever'; DROP TABLE user

[!--sql--][div class=\'sqltop\']SQL[/div][div class=\'sqlmain\'][!--sql1--][span style=\'color:blue;font-weight:bold\']SELECT[/span] id, friend_code, username, email, location, about FROM user WHERE username='someuser' AND password='whatever'; [span style=\'color:blue;font-weight:bold\']DROP[/span] TABLE user [!--sql2--][/div][!--sql3--]

So it's a good idea to read up.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users