MySQL and PHP simple login system
RE: MySQL and PHP simple login system #21
Too many things for this small system, and it isn't secure.

Reply

RE: MySQL and PHP simple login system #22
(09-01-2013, 02:30 AM)F1L15K0 Wrote: Too many things for this small system, and it isn't secure.

This is a really old script from me. I really knew nothing about PHP at the time. Would you mind explaining how this is not secure, though?

Reply

RE: MySQL and PHP simple login system #23
(09-01-2013, 11:37 AM)noize Wrote:
(09-01-2013, 02:30 AM)F1L15K0 Wrote: Too many things for this small system, and it isn't secure.

This is a really old script from me. I really knew nothing about PHP at the time. Would you mind explaining how this is not secure, though?

What I think he means is that mysql_* functions aren't considered secure anymore. Also, I think you have an SQL injection there because:

See the first and last line:
When users log in, the $_SESSION['username'] variable is set with unescaped data:
Code:
$username = $_POST['user'];
$password = $_POST['pass'];
$conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql');
mysql_select_db($dbname);
// the login query itself is escaped, so this query is not the injectable one
$query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password));
$result = mysql_query($query);
list($count) = mysql_fetch_row($result);
if($count == 1) { // if we found the user/pass combination
    $_SESSION['authenticated'] = true;
    $_SESSION['username'] = $username; // the raw POST value is stored, not the escaped copy
}

And later on, when you check for privileges, you use the value in $_SESSION['username'] directly in your query:
Code:
// else, if he's logged in, we retrieve his privilege level and set it to the
// variable $is_admin, so we could use it in all pages where this is required

$username = $_SESSION['username'];
$result = mysql_query("SELECT * from users WHERE username='$username'");
$row = mysql_fetch_array($result);
$is_admin = $row['is_admin'];

Reply
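Added example to go with 1llusion's post above; it is not code from the thread or from noize's script. It rebuilds the same two-step flow in Python on an in-memory SQLite table so the second-order injection can be run offline: the login query is parameterised (standing in for mysql_real_escape_string), the raw username is stored in the session, and the later privilege lookup splices that session value into SQL text. The table, the three user rows and the crafted username are constructed for the demo; whether the script's signup form would actually accept a username containing a quote is not shown on the page and is assumed here.

```python
import sqlite3

# Constructed sample data (assumption: mirrors the script's `users` table).
SAMPLE_USERS = [
    ("admin", "hunter2", 1),                # plaintext passwords, as in the original script
    ("alice", "alicepw", 0),
    ("x' OR is_admin=1 -- ", "evilpw", 0),  # attacker-registered name; assumed to pass signup
]


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the MySQL `users` table."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER)"
    )
    db.executemany(
        "INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return db


def login(db: sqlite3.Connection, user: str, password: str) -> dict:
    """First query of the script. Bound parameters play the role of
    mysql_real_escape_string(), so this query is not injectable. The problem is
    what gets stored afterwards: the raw POST value, not the escaped copy."""
    count = db.execute(
        "SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER(?) AND password = ?",
        (user, password),
    ).fetchone()[0]
    if count == 1:
        return {"authenticated": True, "username": user}
    return {"authenticated": False}


def is_admin_vulnerable(db: sqlite3.Connection, session: dict) -> int:
    """Privilege lookup as written in the script: the session value is spliced
    into the SQL text. For the crafted username the query becomes
        SELECT * FROM users WHERE username='x' OR is_admin=1 -- '
    and the first matching row is the admin's, so the attacker gets is_admin=1."""
    username = session["username"]
    row = db.execute(f"SELECT * FROM users WHERE username='{username}'").fetchone()
    return row["is_admin"] if row else 0


def is_admin_safe(db: sqlite3.Connection, session: dict) -> int:
    """Same lookup with the value bound as a parameter: the crafted name only
    matches its own row. Storing the numeric user id in the session instead of
    the name would remove the lookup-by-string altogether."""
    row = db.execute(
        "SELECT * FROM users WHERE username = ?", (session["username"],)
    ).fetchone()
    return row["is_admin"] if row else 0


if __name__ == "__main__":
    db = build_db()
    attacker = login(db, "x' OR is_admin=1 -- ", "evilpw")
    print("vulnerable lookup says is_admin =", is_admin_vulnerable(db, attacker))  # 1
    print("parameterised lookup says is_admin =", is_admin_safe(db, attacker))     # 0
```

The point of the demo is that escaping at the input boundary is not enough when the unescaped value is kept around and reused; every query that takes the value has to bind it, or the session should carry an id the code never interpolates.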

RE: MySQL and PHP simple login system #24
(09-01-2013, 12:25 PM)1llusion Wrote:
(09-01-2013, 11:37 AM)noize Wrote:
(09-01-2013, 02:30 AM)F1L15K0 Wrote: Too many things for this small system, and it isn't secure.

This is a really old script from me. I really knew nothing about PHP at the time. Would you mind explaining how this is not secure, though?

What I think he means is that mysql_* functions aren't considered secure anymore.

Long eye, lol. However, this system does not even inform the user if he uses unaccepted characters in the username in the signup (and in the login as well) form, so that he might think his username is A while it is B. This all should be thoroughly rewritten.

Reply

RE: MySQL and PHP simple login system #25
Great post, and very detailed! Late reply, but thanks for the share. :)

Reply

RE: MySQL and PHP simple login system #26
As a beginner in PHP I found this tutorial very good! Thank you! :)

Reply


RE: MySQL and PHP simple login system #30
Nice tutorial, but not good enough for security reasons:
- it is SQL injectable
- password instant storage?
- sessions over cookies?

Mhm, these are just 3 I could think of, and those 3 are the most important things. I suggest not learning from this script but actually using it as a reminder of how to put one together in a logical way.

Reply
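To go with the second bullet in the post above ("password instant storage?"), an added example that is not code from the thread or from noize's script: the password column holds a salted PBKDF2 hash instead of the clear-text value the script compares against with `password='%s'`, so the login fetches the stored hash by bound parameter and does the comparison in application code rather than in the WHERE clause. The storage format, the iteration count, the sample users and the dummy-hash timing trick are all assumptions made for this demo.

```python
import hashlib
import hmac
import os

# Assumed parameters for the demo: PBKDF2-HMAC-SHA256 with a 16-byte random salt.
# Kept modest so the demo runs quickly; raise it in production (OWASP's password
# storage cheat sheet suggests 600,000 iterations for SHA-256).
ITERATIONS = 200_000
ALGO = "pbkdf2_sha256"


def hash_password(password: str, salt=None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'. A fresh salt
    per user means two users with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "%s$%d$%s$%s" % (ALGO, ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time.
    Malformed or foreign records verify as False rather than raising."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        if algo != ALGO:
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, expected)


# Constructed sample table: username -> stored hash. In the script this is the
# `password` column of `users`, and the row is fetched with a bound parameter.
SAMPLE_USERS = {
    "admin": hash_password("hunter2"),
    "alice": hash_password("alicepw"),
}
# Hash verified for unknown usernames so that "no such user" and "wrong password"
# take about the same time (assumed mitigation, not from the thread).
DUMMY_HASH = hash_password("not-a-real-password")


def login_check(users: dict, user: str, password: str) -> bool:
    """Replacement for `... AND password='%s'`: look the user up, then verify in code."""
    stored = users.get(user)
    if stored is None:
        verify_password(password, DUMMY_HASH)
        return False
    return verify_password(password, stored)


if __name__ == "__main__":
    print(login_check(SAMPLE_USERS, "alice", "alicepw"))   # True
    print(login_check(SAMPLE_USERS, "alice", "hunter2"))   # False
    print(login_check(SAMPLE_USERS, "mallory", "anything"))  # False
```

Because the stored value is a hash, the SQL no longer needs the password at all; the only value that reaches the query is the username, bound as a parameter, which also removes the second of the three bullets from the WHERE clause where the first one lives.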
