  1. #1
    New Coder
    Join Date
    Feb 2004
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hacking a login script

    Hi
    I've spent some time re-working a script I found on Sitepoint.
    I've got the database and script working. I want this script to authenticate and then take me automatically to a page - protectedpage.php

    I'm not sure where that should go - I was going to use the line - header('Location: http://www.rightintoit.com/protectedpage.php');, but just can't see where I would insert it. Can anyone make some suggestions for me?

    PHP Code:
    <?php // accesscontrol.php
    include_once 'common.php';
    include_once 'db.php';

    session_start();

    // Take the credentials from the submitted form, falling back to the session
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

    if (!isset($uid)) {
      ?>

      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
        User ID: <input type="text" name="uid" size="8" /><br />
        Password: <input type="password" name="pwd" SIZE="8" /><br />
        <input type="submit" value="Log in" />
      </form></p>

      <?php
      return;
    }

    // Both the user ID and the password are kept in the session
    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;

    dbConnect("xxxx_user");
    // The submitted values are interpolated directly into the query string
    $sql = "SELECT * FROM user WHERE
            userid = '$uid' AND password = '$pwd'";
    $result = mysql_query($sql);
    if (!$result) {
      error('A database error occurred while checking your '.
            'login details.\\nIf this error persists, please '.
            'contact prayner@hwy54.com.au');
    }

    // No matching row: clear the session and show the error page
    if (mysql_num_rows($result) == 0) {
      unset($_SESSION['uid']);
      unset($_SESSION['pwd']);
      ?>

      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>

      <?php
      return;
    }

    $username = mysql_result($result,0,'fullname');

    ?>

  • #2
    Regular Coder
    Join Date
    Jun 2007
    Location
    N. Ireland
    Posts
    351
    Thanks
    16
    Thanked 4 Times in 4 Posts
    I would do it immediately after the last mysql statement:

    PHP Code:
    if (mysql_num_rows($result) != 1) {
      unset($_SESSION['uid']);
      unset($_SESSION['pwd']);
      ?>

      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>

      <?php
      return;
    } else {
      header('Location: http://www.rightintoit.com/protectedpage.php');
      exit;
    }
    What is this line for:

    PHP Code:
    $username = mysql_result($result,0,'fullname');
    Is there a point to setting $username after you redirect? If you are going to set it to the session then do this before the redirect.
    Daemonkin.
    If this was helpful, please add to my reputation
    Thousand Sons - Freelance Web Developer - ninetyonedegrees.com

  • #3
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    I was going to suggest something but this is really poor implementation. Perhaps you should try performing a search on this forum for login scripts.
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.

  • #4
    ess
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    866
    Thanks
    7
    Thanked 30 Times in 29 Posts
    I agree with StupidRalph.

    I don't think it is a good idea to store user credentials in session variables like you have. A more concrete implementation is to use classes of logged users...and then serialize and de-serialize their states etc using session variables.

    Check out the following implementation. http://www.phpclasses.org/browse/package/2666.html

    I would also recommend that you utilize MySQL to store your session state...as opposed to relying on flat files...where other users on the same machine might be able to access these files....if they know how to...and your server is not configured correctly.

    Check out the following url. It provides in-depth information on how to manage state in PHP etc
    http://www.oreilly.com/catalog/webdb...pter/ch08.html

    If you want something ready for deployment to manage sessions...have a look here
    http://www.phpclasses.org/browse/package/1518.html

    Cheers,
    Ess

  • #5
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    Those are really good links ess. I was a frequent visitor of PHPclasses.org but I've slacked off a bit. They have really good classes there though.

    I just popped in to give this codingforums link where firepages, raf, and fci touch on security regarding login scripts. I think you will be able to appreciate the discussion.
    Last edited by StupidRalph; 07-09-2007 at 08:13 PM. Reason: to add a space before my link

  • #6
    New Coder
    Join Date
    Feb 2004
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for all your help and links.

    In defense of the tutorial on Sitepoint, it was for noobs, and I guess they followed the "kiss" principle.

    As I slowly gain more knowledge, I'll try and implement these security hints you've pointed out. And I'll stay away from anything where security really does matter. This was just an exercise to learn more.

    And with your help, I've done that!!!

  • #7
    New Coder
    Join Date
    Feb 2004
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I inserted the code as suggested. (It's where I imagined it should go - but I left out the else.)

    Now though, the script takes forever to run - if at all! It just seems to hang. As for the $username line - when the new page loads, it says "welcome $username".
    I'm a noob, so I could have that wrong!!!!
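
An added example, not part of any post in this thread and not the Sitepoint tutorial's code: one way to write the login step with the points raised above applied (the redirect placed after the check, the display name stored in the session before redirecting, no password kept in the session, and no form input interpolated into the SQL). The file name login.php, the `password_hash` column and the PDO connection values are assumptions.

```php
<?php // login.php (hypothetical name): added example, not code from the thread
declare(strict_types=1);
session_start();

// Assumed schema: table `user` with `userid`, `fullname` and a `password_hash`
// column written by password_hash() at sign-up (never the plain password).
function authenticate(PDO $db, string $uid, string $pwd): ?array
{
    // Bound parameter: $uid is sent as data and never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT userid, fullname, password_hash FROM user WHERE userid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return null; // same result for an unknown user and a wrong password
    }
    return $row;
}

// Accept only plain strings from the form (an array-valued field becomes '').
function postString(string $key): string
{
    return is_string($_POST[$key] ?? null) ? $_POST[$key] : '';
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Placeholder connection values (assumptions); replace with your own.
    $db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4',
        'example_user', 'example_password',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $user = authenticate($db, postString('uid'), postString('pwd'));
    if ($user !== null) {
        session_regenerate_id(true);               // fresh session id after login
        $_SESSION['uid'] = $user['userid'];        // identity only, no password
        $_SESSION['fullname'] = $user['fullname']; // set before redirecting
        header('Location: /protectedpage.php');
        exit;                                      // stop so no further output is sent
    }
    http_response_code(401);
    $error = 'Your user ID or password is incorrect.';
}
?>
<?php if ($error !== '') { ?><p><?= htmlspecialchars($error) ?></p><?php } ?>
<form method="post" action="login.php">
  User ID: <input type="text" name="uid" size="8" /><br />
  Password: <input type="password" name="pwd" size="8" /><br />
  <input type="submit" value="Log in" />
</form>
```

With this layout, protectedpage.php only needs to check `isset($_SESSION['uid'])` and can print the name with `htmlspecialchars($_SESSION['fullname'])`.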

