d2jsp
Log InRegister
d2jsp Forums > Off-Topic > Computers & IT > Programming & Development > Slight Php Problem
Add Reply New Topic New Poll
Member
Posts: 17,301
Joined: Dec 15 2007
Gold: 14,772.00
Sep 3 2012 03:33pm
I am still very new to php, creating a login script and nothing is returned when I enter it, yes I md5'd in the database.

Code
<?php
session_start();
$form = "<form action='index.php?act=login' method='post'>
<p class='center'>
            <label class='username'>
               <span>Username</span>
               <input type='text' name='user' placeholder='username' style='padding-left: 5px;' />
               </label>
            <label class='Password'>
               <span>Password</span>
               <input type='password' id='password' name='password' placeholder='Password' style='padding-left: 5px;' />
               </label>                                
<input type='submit' class='button1' name='loginbtn' value='Login' />
</p>
</form>";

if($_POST['loginbtn']){
   $user = $_POST['user'];
   $password = $_POST['password'];
   
   if($user){
      if($password){
require("db.php");
         
         $password = md5($password);
         // make sure login info correct
         $query = mysql_query("SELECT * FROM users WHERE username='$user'");
         $numrows = mysql_num_rows($query);
         if ($numrows == 1){
           $row = mysql_fect_assoc($query);
           $dbid = $row['id'];
           $dbuser = $row['username'];
           $dbpass = $row['password'];
           $dbactive = $row['active'];
           
           if ($password == $dbpass){
               if (dbactive == 1){
                   // Set session info
                   $_SESSION['userid'] = $dbid;
                   $_SESSION['username'] = $dbuser;
                   
                   echo "Welcome!";
               }
               else
                   echo "Sorry, you must active your account. $form";
           }
           else
               echo "Incorrect Password! $form";
         }
         else
           echo "Username not found! $form";
           
         mysql_close();  
      }
      else
       echo "Please Enter a Password. $form";
   }
   else
       echo "Please Enter a Username. $form";
}
else
   echo "$form";
?>
Member
Posts: 17,301
Joined: Dec 15 2007
Gold: 14,772.00
Sep 3 2012 03:48pm
figured out it's somewhere in password check...
Member
Posts: 17,301
Joined: Dec 15 2007
Gold: 14,772.00
Sep 3 2012 04:31pm
Fixed code, removed active
but the problem was I typo fetch_assoc
Code
<?php
session_start();
$form = "<form action='index.php?act=login' method='post'>
<p class='center'>
            <label class='username'>
               <span>Username</span>
               <input type='text' name='user' placeholder='username' style='padding-left: 5px;' />
               </label>
            <label class='Password'>
               <span>Password</span>
               <input type='password' id='password' name='password' placeholder='Password' style='padding-left: 5px;' />
               </label>                                
<input type='submit' class='button1' name='loginbtn' value='Login' />
</p>
</form>";

if($_POST['loginbtn']){
   $user = $_POST['user'];
   $password = $_POST['password'];
   
   if($user){
      if($password){
           require("db.php");
         
         $password = md5(md5("asdsds3".$password."asdsds3"));
         // make sure login info correct
         $query = mysql_query("SELECT * FROM users WHERE username='$user'");
         $numrows = mysql_num_rows($query);
         if ($numrows == 1){
           $row = mysql_fetch_assoc($query);
           $dbid = $row['id'];
           $dbpass = $row['password'];
           $dbuser = $row['username'];
           
           if ($password == $dbpass){
                   // Session Info
                   $_SESSION['userid'] = $dbid;
                   $_SESSION['username'] = $dbuser;
                   
                   echo "<p class='left'>Welcome <b>$dbuser</b></p><p class='clearfix'></p>";
                   
           }
           else
               echo "Incorrect Password! $form";
           
       }
       else
           echo"The Username you entered was not found. $form";
           
         mysql_close();  
      }
      else
       echo "Please Enter a Password. $form";
   }
   else
       echo "Please Enter a Username. $form";
}
else
   echo $form;
?>
Member
Posts: 32,925
Joined: Jul 23 2006
Gold: 3,804.50
Sep 3 2012 06:04pm
So you solved your own problem in less than an hour? Good job. Next time wait an hour before posting.
Member
Posts: 16,144
Joined: Mar 27 2008
Gold: 14,618.00
Sep 4 2012 04:09pm
your code is vulnerable to "sql injections".
Member
Posts: 17,301
Joined: Dec 15 2007
Gold: 14,772.00
Sep 5 2012 09:52am
Quote (carteblanche @ Sep 3 2012 07:04pm)
So you solved your own problem in less than an hour? Good job. Next time wait an hour before posting.


screw you
Quote (Richter @ Sep 4 2012 05:09pm)
your code is vulnerable to "sql injections".


And mind showing me how? not trying to be a smartass, im new to php so I have no clue.
Member
Posts: 16,144
Joined: Mar 27 2008
Gold: 14,618.00
Sep 5 2012 10:24am
the $user contains exactly the stuff the user sent from the form. so in this line:
Code
$query = mysql_query("SELECT * FROM users WHERE username='$user'");

the written stuff gets exactly at that position. if you write the right thing, you can do bad stuff...
here's the link where's nearly the same situation as you got it: http://en.wikipedia.org/wiki/SQL%5Finjection
when you scroll down to the "Escaping", you can nearly copy the code:
Code
$query = sprintf("SELECT * FROM `Users` WHERE UserName='%s' AND Password='%s'",
                 mysql_real_escape_string($Username),
                 mysql_real_escape_string($Password));
mysql_query($query);

the harmful stuff sent by the formular gets harmless in the function "mysql_real_escape_string(...)". so if you first put your string together with this function inside a sprintf, then you can use your crafted string which is harmless.

This post was edited by Richter on Sep 5 2012 10:25am
Member
Posts: 1,628
Joined: Aug 11 2012
Gold: 628.00
Sep 5 2012 12:03pm
in addition one way to get around sql injections is to find a filter class and attach that filter to all posts,gets and echos
Member
Posts: 17,301
Joined: Dec 15 2007
Gold: 14,772.00
Sep 6 2012 04:47am
Quote (Richter @ Sep 5 2012 11:24am)
the $user contains exactly the stuff the user sent from the form. so in this line:
Code
$query = mysql_query("SELECT * FROM users WHERE username='$user'");

the written stuff gets exactly at that position. if you write the right thing, you can do bad stuff...
here's the link where's nearly the same situation as you got it: http://en.wikipedia.org/wiki/SQLinjection
when you scroll down to the "Escaping", you can nearly copy the code:
Code
$query = sprintf("SELECT * FROM `Users` WHERE UserName='%s' AND Password='%s'",
                 mysql_real_escape_string($Username),
                 mysql_real_escape_string($Password));
mysql_query($query);

the harmful stuff sent by the formular gets harmless in the function "mysql_real_escape_string(...)". so if you first put your string together with this function inside a sprintf, then you can use your crafted string which is harmless.


Thank you, much appreciated.

Quote (Huayra @ Sep 5 2012 01:03pm)
in addition one way to get around sql injections is to find a filter class and attach that filter to all posts,gets and echos


You too, thanks :)
Member
Posts: 32,925
Joined: Jul 23 2006
Gold: 3,804.50
Sep 6 2012 11:29am
Quote (Iceey @ Sep 5 2012 11:52am)
screw you


That wasn't sarcastic. It is good when you can solve your own problems. I advised delaying a post so you have more time to think about the problem and see if you can handle it yourself. But screw you too i guess?
Go Back To Programming & Development Topic List
Add Reply New Topic New Poll