Saigontech Forum » AAS IT House » Applications Development using Microsoft VB.NET-Microsoft C#-Java » Login and Registration script using PHP
Login and Registration script using PHP
mydreamnhung08 | Date: Sunday, 2011-10-16, 10:05 AM | Message # 1
Sergeant
Group: Administrators
Messages: 34
Reputation: 0
Status: Offline
login.php :

Quote
<html><head><title>Log-in Page</title></head>
<body>

Please enter your user details to log-in here:

<!-- the form posts both fields to auth.php, which checks them against the database -->
<form action="auth.php" method="post">
Username: <br>
<input type="text" name="username">
<br><br>
Password:<br><br>
<input type="password" name="password">
<br><br>
<input type="submit" value=" Log in ">
</form>
</body></html>



This needs to be authenticated with auth.php :

Quote
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$self     = $_SERVER['PHP_SELF'];
$referer  = $_SERVER['HTTP_REFERER'];

// send the visitor back to the login form if either field is empty
if ( ( !$username ) or ( !$password ) )
{ header("Location: $referer"); exit(); }

$conn = @mysql_connect( "localhost", "USERNAME", "PASSWORD" )
or die ("couldnt connect to SQL ");

$db = @mysql_select_db("DATABASE" , $conn )
or die ( "Could not select Database" );

// look up the user; the stored value is compared with MySQL's PASSWORD() of the submitted password
$sql="select * from my_database where user_name=\"$username\"
and password = password( \"$password\" ) ";

$rs = mysql_query( $sql, $conn )
or die ( " Couldnt execute query" );

$num = mysql_num_rows( $rs );

// one matching row means the credentials were accepted
if( $num != 0 )
{ $msg = "Welcome $username - your log-in succeeded!"; }
else
{ header( "Location: $referer" ); exit(); }

?>

<html> <head><title> Log-In Authentication </title></head>
<body> <?php echo( $msg ); ?> <br><br> THING U WANT TO SHOW WHEN U LOG IN!! <br><br>
</body></html>


Create a Database:

Quote
Column      Type         Null
first_name  varchar(50)  No
last_name   varchar(50)  No
user_name   varchar(25)  No
password    varchar(16)  No




Registration script:

Quote
<?php
$self      = $_SERVER['PHP_SELF'];
$firstname = $_POST['firstname'];
$lastname  = $_POST['lastname'];
$username  = $_POST['username'];
$password  = $_POST['password'];

// if any field is missing, (re)display the registration form posting back to this script
if ( ( !$firstname ) or ( !$lastname )
or ( !$username ) or ( !$password ) )

{

$form ="Please enter your details below....";
$form.="<form action=\"$self\"";
$form.=" method=\"post\">*First Name: ";
$form.="<input type=\"text\" name=\"firstname\"";
$form.=" value=\"$firstname\"><br>*Last Name*: ";
$form.="<input type=\"text\" name=\"lastname\"";
$form.=" value=\"$lastname\"><br>*User Name: ";
$form.="<input type=\"text\" name=\"username\"";
$form.=" value=\"$username\"><br>*Password: ";
$form.="<input type=\"password\" name=\"password\"";
$form.=" value=\"$password\"><br>";
$form.="<input type=\"submit\" value=\"Submit\">";
$form.="</form>";
echo( $form );

}

else

{ $conn = @mysql_connect( "localhost", "USERNAME", "PASSWORD")
or die ( "could not connect to mysql");
$db = @mysql_select_db( "DATABASE", $conn )
or die ("could not select database");
// store the new user; the password column holds MySQL's PASSWORD() of the submitted value
$sql = "insert into my_database
(first_name,last_name,user_name,password) values
(\"$firstname\",\"$lastname\",\"$username\",
password(\"$password\") )";
$result = @mysql_query( $sql, $conn )
or die("could not execute query");
if( $result ) {echo( "New User $username added" ); }
}
?>

THAT'S IT, YOU HAVE CREATED THE PAGE!
 
saigontechforum | Date: Sunday, 2011-10-16, 10:15 AM | Message # 2
Generalissimo
Group: Moderators
Messages: 7
Reputation: 0
Status: Offline
Hi Admin, Great work!

I would like to point out a security issue with that code. The following line is open to attackers:

Quote
$sql="select * from my_database where user_name=\"$username\"
and password = password( \"$password\" ) ";


Now, say I am a bona fide user; I would enter something like:

Username : myUsername
Password : you_are_kidding_me

But if I am not, I would do something like this:

Username : " or 1=1 --
Password : doesnot_matter_now

This will allow me to get into the database without a valid password, because your SQL now looks like this (replacing the username and password fields):

Quote
$sql="select * from my_database where user_name="" or 1=1 -- "
and password = password( "doesnot_matter_now" ) ";


NOTE: -- is a SQL comment

Here the "or 1=1" will always be true and would grant me access. VOILA!!

But this could be worse, because I can execute SQL within SQL: I can delete, execute, insert or update your database.
You can easily avoid either by removing spaces from the username or removing all the SQL keywords (like delete, exec, etc.). You have to check both username and password.

Another point
----------------------
Always store the encoded password in the database and do the query as:
Quote

$sql="select password from my_database where user_name=\"$username\"";
$result_set = executeQuery($sql);
$passwordDB = getRow($result_set);
$encodedPassword = encodePassword($password); // $password from the user
if($passwordDB == $encodedPassword)
    return true;


Also, never save the password in a session object.

What I tried to explain above is called an SQL Injection Attack; you all know where to search now.


Make A Better World - A Better College
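As an added example (written here, not code from either post) that covers both the login/registration scripts in message #1 and the injection and password-storage points raised in message #2: the same register-and-login flow rewritten with PDO prepared statements, so that user input is bound as a parameter rather than spliced into the SQL text, and with password_hash()/password_verify() instead of MySQL's PASSWORD(). It runs against an in-memory SQLite database so it can be tried without a MySQL server. The table name my_database and its column names come from the thread; the function names, the DSN choice and the sample credentials are assumptions made for this example.

```php
<?php
// Added example, not the forum poster's code. Uses an in-memory SQLite
// database so it runs offline; for MySQL, change the DSN to something like
// "mysql:host=localhost;dbname=DATABASE" and add the username/password
// arguments to the PDO constructor.

function openDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Throw on errors instead of returning false, so a failed query can
    // never be confused with "zero rows matched".
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Same columns as the thread's schema, but a password_hash() string is
    // 60 characters or more (and MySQL's PASSWORD() has returned 41 since
    // MySQL 4.1), so the varchar(16) column from message #1 is widened.
    $pdo->exec('CREATE TABLE my_database (
        first_name VARCHAR(50)  NOT NULL,
        last_name  VARCHAR(50)  NOT NULL,
        user_name  VARCHAR(25)  NOT NULL UNIQUE,
        password   VARCHAR(255) NOT NULL)');
    return $pdo;
}

// Registration: every value travels as a bound parameter, never inside the
// SQL string, and only a salted hash of the password is stored.
function registerUser(PDO $pdo, string $first, string $last, string $user, string $pass): bool
{
    if ($first === '' || $last === '' || $user === '' || $pass === '') {
        return false;   // same "all fields required" rule as the original form
    }
    $stmt = $pdo->prepare(
        'INSERT INTO my_database (first_name, last_name, user_name, password)
         VALUES (:first, :last, :user, :hash)');
    try {
        return $stmt->execute([
            ':first' => $first,
            ':last'  => $last,
            ':user'  => $user,
            ':hash'  => password_hash($pass, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        return false;   // e.g. duplicate user_name (UNIQUE constraint)
    }
}

// Login: fetch the stored hash for the literal username, then let
// password_verify() compare. A username such as '" or 1=1 --' (the case in
// message #2) is just a string that matches no row, because the quotes and
// the comment marker are data, not SQL.
function loginUser(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password FROM my_database WHERE user_name = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // unknown user
    }
    return password_verify($pass, $row['password']);
}

// Demonstration with constructed sample credentials (the names used in message #2).
$pdo = openDatabase();
var_dump(registerUser($pdo, 'First', 'Last', 'myUsername', 'you_are_kidding_me'));
var_dump(loginUser($pdo, 'myUsername', 'you_are_kidding_me'));
var_dump(loginUser($pdo, 'myUsername', 'wrong_password'));
var_dump(loginUser($pdo, '" or 1=1 --', 'doesnot_matter_now'));
```

Run it with the php command-line interpreter: the registration and the correct login return true, while the wrong password and the injected username both return false, the latter simply as an unknown user. No keyword or space filtering is involved; the separation of SQL text from data is what closes the hole. With the MySQL driver, PDO emulates prepared statements client-side by default; setting PDO::ATTR_EMULATE_PREPARES to false makes it use real server-side prepared statements.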
 