Login and Registration script using PHP - Saigontech Forum
WELCOME TO SAIGONTECH FORUM - GO TO FORUM AND SHARE YOUR THOUGHT
Sunday, 2016-12-11, 7:49 PM
Welcome Guest | RSS

.

[ New messages · Members · Forum rules · Search · RSS ]
Page 1 of 11
Saigontech Forum » AAS IT House » Applications Development using Microsoft VB.NET-Microsoft C#-Java » Login and Registration script using PHP
Login and Registration script using PHP
mydreamnhung08Date: Sunday, 2011-10-16, 10:05 AM | Message # 1
Sergeant
Group: Administrators
Messages: 34
Reputation: 0
Status: Offline
login.php :

Quote
[size=11]<html><head><title>Log-in Page</title></head>
<body>

Please enter your user details to log-in here:

<form action = "auth.php" method = "post">
Username: <br>
<input type = "text" name = "username">
<br><br>
Password:<br><br>
<input type = "text" name = "password">
<br><br>
<input type = "submit" value = " Log in ">
</form>
</body></html>



This needs to be authenticated with auth.php :

Quote
<?php $username = $_POST['username'];
$password = $_POST['password'];
$self = $_SERVER ['PHP_SELF'];
$referer = $_SERVER ['HTTP_REFERER'];

if ( ( !$username ) or ( !$password ) )
{header("Location: $referer"); exit (); }

$conn = @mysql_connect( "localhost", "USERNAME", "PASSWORD" )
or die ("couldnt connect to SQL ");

$rs = @mysql_select_db("DATABASE" , $conn )
or die ( "Could not select Database" );

$sql="select * from my_database where user_name=\"$username\"
and password = password( \"$password\" ) ";

$rs = mysql_query( $sql, $conn )
or die ( " Couldnt execute query" );

$num = mysql_numrows ( $rs );

if( $num != 0 )
{ $msg = "Welcome $username - your log-in succeeded!";}
else
{ header( "location:$referer" ); exit(); }

?>

<html> <head><title> Log-In Authentication </title></head>
<body> <?php echo( $msg ); ?> <br><br> THING U WANT TO SHOW WHEN U LOG IN!!</A> <br><br>


Create a Database:

Quote
first_name varchar(50) No
last_name varchar(50) No
user_name varchar(25) No
password varchar(16) No




Registration script:

Quote
<?php $self = $_SERVER['PHP_SELF'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$password = $_POST['password'];

if ( ( !$firstname ) or ( !$lastname )
or ( !$username ) or ( !$password ) )

{

$form ="Please enter your details below....";
$form.="<form action=\"$self\"";
$form.=" method=\"post\">*First Name: ";
$form.="<input type=\"text\" name=\"firstname\"";
$form.=" value\"$firstname\"><br>*Last Name*: ";
$form.="<input type=\"text\" name=\"lastname\"";
$form.=" value=\"$lastname\"><br>*User Name: ";
$form.="<input type=\"text\" name=\"username\"";
$form.=" value\"$username\"><br>*Password: ";
$form.="<input type type=\"text\" name=\"password\"";
$form.=" value=\"$password\"><br>";
$form.="<input type=\"submit\" value=\"Submit\">";
$form.="</form>";
echo( $form );

}

else

{ $conn = @mysql_connect( "localhost", "USERNAME", "PASSWORD")
or die ( "could not connect to mysql");
$db = @mysql_select_db( "DATABASE", $conn )
or die ("could not select database");
$sql = "insert into my_database
(first_name,last_name,User_name,password) values
(\"$fistname\",\"$lastname\",\"$username\",
password(\"$password\") )";
$result = @mysql_query( $sql, $conn )
or die("could not execute query");
if( $result ) {echo( "New User $username added" ); }
}
?>

THATS IT UHAV CREATED THE PAGE ![/size]
 
saigontechforumDate: Sunday, 2011-10-16, 10:15 AM | Message # 2
Generalissimo
Group: Moderators
Messages: 7
Reputation: 0
Status: Offline
Hi Admin, Great work!

I would like to point a security issue with that code. The following line is open to attakers:

Quote
$sql="select * from my_database where user_name=\"$username\"
and password = password( \"$password\" ) ";


Now, say if I a bonafied user I would enter something like :

Username : myUsername
Password : you_are_kidding_me

but what if I am not, I would do something like this:

Username : " or 1=1 --
Password : doesnot_matter_now

this will allow me to enter into the database without a valid password because your SQL now looks like (replacing username and password field):

Quote
$sql="select * from my_database where user_name="" or 1=1 -- "
and password = password( "doesnot_matter_now" ) ";


NOTE : -- is a SQL comment

here the "or 1=1" will always be ture and would grant me access. VOILA!!

but this could be worse because I can execute SQL within SQL. I can delete, execute, insert or update your database.
You can easily avoid either by removing space from the username or remove all the sql keywords (like delete, exec etc). You have to check both username and password.

Another point
----------------------
Always store encoded password in the databaes and do query as:
Quote

$sql="select password from my_database where user_name=\"$username\"";
$result_set = executeQuery($sql);
$passwordDB = getRow($result_set);
$encodedPassword = encodePassword($password) // $password from the user
if($passwordDB == $encodedPassword)
return true;


also, never save password in a session object.

What I tried to explain above is called SQLInjection Attact, you all know where to search now.


Make A Better World - A Better College
 
Saigontech Forum » AAS IT House » Applications Development using Microsoft VB.NET-Microsoft C#-Java » Login and Registration script using PHP
Page 1 of 11
Search:

Note: You take all responsibilities for your talk, post, blog...at Saigontechforum. Think Before You Speak