
View Full Version : Hacking a login script



prayner
07-09-2007, 12:28 PM
Hi
I've spent some time re-working a script I found on Sitepoint.
I've got the database and script working. I want this script to authenticate and then take me automatically to a page - protectedpage.php

I'm not sure where that should go - I was going to use the line - header('Location: http://www.rightintoit.com/protectedpage.php');, but just can't see where I would insert it. Can anyone make some suggestions for me?


<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
?>

<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>

<?php
    return;
}

$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("xxxx_user");
$sql = "SELECT * FROM user WHERE
        userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
    error('A database error occurred while checking your '.
          'login details.\\nIf this error persists, please '.
          'contact prayner@hwy54.com.au');
}

if (mysql_num_rows($result) == 0) {
    unset($_SESSION['uid']);
    unset($_SESSION['pwd']);
?>

<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>

<?php
    return;
}

$username = mysql_result($result,0,'fullname');

?>

daemonkin
07-09-2007, 01:01 PM
I would do it immediately after the last mysql statement:


if (mysql_num_rows($result) != 1) {
    unset($_SESSION['uid']);
    unset($_SESSION['pwd']);
?>

<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>

<?php
    return;
} else {
    header('Location: http://www.rightintoit.com/protectedpage.php');
    exit;
}


What is this line for:


$username = mysql_result($result,0,'fullname');

Is there a point to setting $username after you redirect? If you are going to set it to the session then do this before the redirect.

StupidRalph
07-09-2007, 01:02 PM
I was going to suggest something but this is a really poor implementation. Perhaps you should try performing a search on this forum for login scripts.

ess
07-09-2007, 01:42 PM
I agree with StupidRalph.

I don't think it is a good idea to store user credentials in session variables like you have. A more concrete implementation is to use classes of logged users...and then serialize and de-serialize their states etc using session variables.

Check out the following implementation. http://www.phpclasses.org/browse/package/2666.html

I would also recommend that you utilize MySQL to store your session state...as opposed to relying on flat files...where other users on the same machine might be able to access these files....if they know how to...and your server is not configured correctly.

Check out the following URL. It provides in-depth information on how to manage state in PHP etc
http://www.oreilly.com/catalog/webdbapps/chapter/ch08.html

If you want something ready for deployment to manage sessions...have a look here
http://www.phpclasses.org/browse/package/1518.html

Cheers,
Ess

StupidRalph
07-09-2007, 09:12 PM
Those are really good links ess. I was a frequent visitor of PHPclasses.org but I've slacked off a bit. They have really good classes there though.

I just popped in to give this codingforums link (http://www.codingforums.com/showthread.php?t=83505) where firepages, raf, and fci touch on security regarding login scripts. I think you will be able to appreciate the discussion.

prayner
07-09-2007, 11:10 PM
Thanks for all your help and links.

In defense of the tutorial on Sitepoint, it was for noobs, and I guess they followed the "kiss" principle.

As I slowly gain more knowledge, I'll try and implement these security hints you've pointed out. And I'll stay away from anything where security really does matter. This was just an exercise to learn more.

And with your help, I've done that!!!

prayner
07-09-2007, 11:22 PM
I inserted the code as suggested. (It's where I imagined it should go - but I left out the else.)

Now though, the script takes forever to run - if at all! It just seems to hang. As for the $username line - when the new page loads, it says "welcome $username".
I'm a noob, so I could have that wrong!!!!
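
Added example, not part of the original thread or the Sitepoint tutorial: a hardened variant of the access-control include that addresses the points raised above. The user ID is bound through a prepared statement, the password is checked against a hash, only the identity is kept in the session, and the redirect fires only after a fresh POST login, so that if protectedpage.php itself includes this file an already-authenticated request falls through instead of being redirected to itself again. Assumptions: the function names authenticate() and requireLogin(), a hypothetical pwd_hash column filled by password_hash(), and an in-memory SQLite database with a constructed user for the command-line self-check.

```php
<?php // accesscontrol.php (added example; hardened variant, not the tutorial's code)
// Assumption: table "user" has a hypothetical pwd_hash column filled by password_hash().

function authenticate(PDO $db, string $uid, string $pwd): ?array
{
    // Prepared statement: $uid is bound as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT userid, fullname, pwd_hash FROM user WHERE userid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['pwd_hash'])) {
        return null;                      // same answer for unknown user and bad password
    }
    return ['userid' => $row['userid'], 'fullname' => $row['fullname']];
}

function requireLogin(PDO $db, string $landing): array
{
    session_start();
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['uid'], $_POST['pwd'])) {
        $user = authenticate($db, (string)$_POST['uid'], (string)$_POST['pwd']);
        if ($user !== null) {
            session_regenerate_id(true);  // new session id once the user is known
            $_SESSION['user'] = $user;    // identity only, no password in the session
            header('Location: ' . $landing);  // redirect only after a fresh login
            exit;
        }
    }
    if (!isset($_SESSION['user'])) {
        http_response_code(401);
        echo '<h1>Login Required</h1><form method="post">'
           . 'User ID: <input type="text" name="uid" /><br />'
           . 'Password: <input type="password" name="pwd" /><br />'
           . '<input type="submit" value="Log in" /></form>';
        exit;
    }
    return $_SESSION['user'];             // already logged in: fall through, no redirect
}

// Constructed self-check, run with "php accesscontrol.php" (in-memory SQLite, sample user).
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (userid TEXT PRIMARY KEY, fullname TEXT, pwd_hash TEXT)');
    $db->prepare('INSERT INTO user VALUES (?, ?, ?)')
       ->execute(['alice', 'Alice Example', password_hash('correct horse', PASSWORD_DEFAULT)]);
    var_dump(authenticate($db, 'alice', 'correct horse'));  // valid credentials
    var_dump(authenticate($db, "o'neil", 'anything'));      // quote in input is plain data
}
```

A protected page would call requireLogin() with its own PDO connection before producing any output and read the display name from the returned array, escaping it with htmlspecialchars() when printing.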


