+- Sinisterly (https://sinister.ly)
+-- Forum: Coding (https://sinister.ly/Forum-Coding)
+--- Forum: PHP (https://sinister.ly/Forum-PHP)
+--- Thread: MySQL and PHP simple login system (/Thread-MySQL-and-PHP-simple-login-system)
RE: MySQL and PHP simple login system - F1L15K0 - 09-01-2013
Too much things to this small system, and it isnt secure.
RE: MySQL and PHP simple login system - noize - 09-01-2013
(09-01-2013, 02:30 AM)F1L15K0 Wrote: Too much things to this small system, and it isnt secure.
This is a really old script from me. I really knew nothing about PHP at the time. Would you mind explaining how this is not secure, though?
RE: MySQL and PHP simple login system - 1llusion - 09-01-2013
(09-01-2013, 11:37 AM)noize Wrote:(09-01-2013, 02:30 AM)F1L15K0 Wrote: Too much things to this small system, and it isnt secure.
This is a really old script from me. I really knew nothing about PHP at the time. Would you mind explaining how this is not secure, though?
What I think he means is that mysql_* functions aren't considered secure anymore. Also, I think you have an SQL injection there because:
See the first and last line:
When users log-in, the $_SESSION['username'] variable is set with unescaped data:
Code:
$username = $_POST['user'];
$password = $_POST['pass'];
$conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql');
mysql_select_db($dbname);
$query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
mysql_real_escape_string($username),
mysql_real_escape_string(($password)));
$result = mysql_query($query);
list($count) = mysql_fetch_row($result);
if($count == 1) { // if we found the user/pass combination
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $username;And later on, when you check for privileges, you use the value in $_SESSION['username'] directly in your query:
Code:
// else, if he's logged in, we retrieve his privilege level and set it to the
// variable $is_admin, so we could use it in all pages where this is required
$username = $_SESSION['username'];
$result = mysql_query("SELECT * from users WHERE username='$username'");
$row = mysql_fetch_array($result);
$is_admin = $row['is_admin'];RE: MySQL and PHP simple login system - noize - 09-01-2013
(09-01-2013, 12:25 PM)1llusion Wrote:(09-01-2013, 11:37 AM)noize Wrote:(09-01-2013, 02:30 AM)F1L15K0 Wrote: Too much things to this small system, and it isnt secure.
This is a really old script from me. I really knew nothing about PHP at the time. Would you mind explaining how this is not secure, though?
What I think he means is that mysql_* functions aren't considered secure anymore. Also, I think you have an SQL injection there because:
See the first and last line:
When users log-in, the $_SESSION['username'] variable is set with unescaped data:
Code:$username = $_POST['user'];
$password = $_POST['pass'];
$conn = mysql_connect($dbhost,$dbuser,$dbpass) or die ('Error connecting to mysql');
mysql_select_db($dbname);
$query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
mysql_real_escape_string($username),
mysql_real_escape_string(($password)));
$result = mysql_query($query);
list($count) = mysql_fetch_row($result);
if($count == 1) { // if we found the user/pass combination
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $username;
And later on, when you check for privileges, you use the value in $_SESSION['username'] directly in your query:
Code:// else, if he's logged in, we retrieve his privilege level and set it to the
// variable $is_admin, so we could use it in all pages where this is required
$username = $_SESSION['username'];
$result = mysql_query("SELECT * from users WHERE username='$username'");
$row = mysql_fetch_array($result);
$is_admin = $row['is_admin'];
Long eye, lol. However, this system does not even inform the user if he uses unaccepted characters in the username in the signup (and in the login as well) form, so that he might think his username is A while it is B. This all should be thoroughly rewritten.
RE: MySQL and PHP simple login system - Crime - 10-18-2013
Great post, and very detailed! Late reply, but thanks for the share
.
RE: MySQL and PHP simple login system - Sebkvernland - 10-26-2013
As a beginner in php I found this tutorial very good! Thank you!
RE: MySQL and PHP simple login system - Sebkvernland - 10-26-2013
As a beginner in php I found this tutorial very good! Thank you!
RE: MySQL and PHP simple login system - Sebkvernland - 10-26-2013
As a beginner in php I found this tutorial very good! Thank you!
RE: MySQL and PHP simple login system - Sebkvernland - 10-26-2013
As a beginner in php I found this tutorial very good! Thank you!
RE: MySQL and PHP simple login system - hellomen - 10-28-2013
nice tutorial but not good enough for security reasons
-it is sql injectable
-password instant storage?
-sessions over cookies?
mhm this are just 3 I could think of and those 3 are the most important things I suggest to not learn from this script but actuall use this script as a reminder on how to put it up on a logical way.