sean14592 Posted March 24, 2008 (Author)

Hi,

This is my first post on this forum and hope there will be many more to come.

I have created my own login script. My login.php file includes a basic form. I then have a livelogin.php; this is the file that processes the login data, e.g. checks if there is anything in each field and checks the info against that in the database.

Though there is an error, where even if u type a username and password that is not even registered you get sent to log_done.php. You should actually be taken to an error page for username not valid (as it checks username first).

Code: http://rafb.net/p/ofZYUM49.html

Can anybody spot anything?

Cheers
Sean

Naez Posted March 24, 2008

    $check2 = mysql_query("slect password from user where password=\"$pass\"");

line 50

also use mysql_real_escape_string() on your post vars so your code isn't vulnerable to SQL injection as it is now.

sean14592 Posted March 24, 2008 (Author)

Hi, soz mate, this is my first php script ??? . Can you please explain more to me, lol, sorry to bother you. But I got to learn somewhere.

Cheers
Sean

soycharliente Posted March 24, 2008

    $check2 = mysql_query("slect password from user where password=\"$pass\"");

You spelled 'select' wrong is what I think he's trying to get at.

Also, you don't need to escape double quotes inside your string for a MySQL query. Simply wrap your variables in single quotes.

    SELECT password FROM user WHERE password='$pass'

Agtronic Posted March 24, 2008

It would be a good idea to add some simple encryption to the password so that you do not store plain-text passwords in your database.

And it's also a good idea to clean up the input ...

    <?php
    $user = trim(addslashes($_POST['username']));
    // add the sha1 over the password to encrypt it, and at the registration step as well ...
    $pass = sha1(trim($_POST['password']));
    ?>

sean14592 Posted March 24, 2008 (Author)

Hi, I have changed the spelling mistake but yet I can still get to the log_done.php with a random username and password that is not in the database.

Can somebody help?

Cheers
Sean

BlueSkyIS Posted March 24, 2008

for one, you run mysql_query but never pull any records.

updated section...

    $check = mysql_query("select username from users where username='$user'") or die(mysql_error());
    // only read a record when the query actually matched a row
    if (mysql_num_rows($check) > 0) {
        $a_record = mysql_fetch_array($check);
        // username as stored in the database
        $from1 = $a_record['username'];
    }

sean14592 Posted March 25, 2008 (Author)

thanks a million! ;D ;D

Cheers
Sean

Naez Posted March 25, 2008

> It would be a good idea to add some simple encryption to the password so that you do not store plain-text passwords in your database.
>
> And it's also a good idea to clean up the input ...
>
>     <?php
>     $user = trim(addslashes($_POST['username']));
>     // add the sha1 over the password to encrypt it, and at the registration step as well ...
>     $pass = sha1(trim($_POST['password']));
>     ?>

This is bad. You should always use mysql_real_escape_string() (or whatever the escape string for the database you are using is; if you are using PDO to connect and execute then you have no need to worry).

Protecting from SQL injection using only addslashes still allows vulnerabilities from your user's input.

Agtronic Posted March 26, 2008

> This is bad. You should always use mysql_real_escape_string() (or whatever the escape string for the database you are using is; if you are using PDO to connect and execute then you have no need to worry).
>
> Protecting from SQL injection using only addslashes still allows vulnerabilities from your user's input.

Thanks! Learn something every day!

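The three fixes raised in this thread, combined in one place: accept a login only when a matching row exists, keep user input out of the SQL text, and do not store plain-text passwords. This is an added example, not code posted by anyone in the thread; the `users` table layout, the `check_login()` function and the sample account are assumptions, and it uses PDO with an in-memory SQLite database (the pdo_sqlite extension) so it runs on its own.

```php
<?php
// Added example, not code from the thread. The table/column names and
// check_login() are hypothetical; the sample account is constructed.

function check_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder (?) sends the username as data, never as SQL text,
    // so no escaping function is involved at all.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([trim($user)]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    if ($hash === false) {
        return false;               // fail closed: no row means no login
    }
    // Compare against the stored salted hash instead of selecting by password.
    return password_verify($pass, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Registration step: store a salted, deliberately slow hash, not the password.
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['sean', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [
    ['sean', 'correct horse'],        // registered user, right password
    ['sean', 'wrong'],                // registered user, wrong password
    ['nobody', 'anything'],           // unregistered user (the bug in this thread)
    ["' OR '1'='1", "' OR '1'='1"],   // quote characters are treated as plain data
];
foreach ($attempts as [$u, $p]) {
    // Redirect target the login handler would choose for each attempt.
    printf("%-14s %s\n", $u, check_login($db, $u, $p) ? 'log_done.php' : 'error page');
}
```

Only the first attempt reaches log_done.php. The same `check_login()` works unchanged with a MySQL PDO connection.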