mysql account/user login

Posted on 28-03-09 08:07
Hey guys, I just started programming with MySQL. I have basically finished my account/user script, but there's one thing: I don't know how to fully "better" prevent MySQL injections, so I thought I could post my script and you guys could help me out :D

database.php

Code

<?php

$dbname = 'myuser_test';

$link = mysql_connect("localhost","myuser_george","1234") or die("Couldn't make connection.");

$db = mysql_select_db($dbname, $link) or die("Couldn't select database");

?>





login.php

Code

<?php
include 'database.php';

$user_name = mysql_real_escape_string($_POST['name']);

if ($_POST['Submit']=='Login')
{
    $md5pass = md5($_POST['pwd']);
    $sql = "SELECT id,user_name FROM testdb WHERE
            user_name = '$user_name' AND
            user_pwd = '$md5pass'";

    $result = mysql_query($sql) or die (mysql_error());
    $num = mysql_num_rows($result);

    if ( $num != 0 ) {

        // A matching row was found - the user is authenticated.
        session_start();
        list($user_id,$user_name) = mysql_fetch_row($result);
        // this sets variables in the session
        $_SESSION['user']= $user_name;

        if (isset($_GET['ret']) && !empty($_GET['ret']))
        {
            header("Location: $_GET[ret]");
        } else
        {
            header("Location: home.php");
        }
        //echo "Logged in...";
        exit();

    }

    header("Location: login.php?msg=Invalid Login");

    //echo "Error:";

    exit();

}

?>

<link href="styles.css" rel="stylesheet" type="text/css">

<?php if (isset($_GET['msg'])) { echo "<div class=\"msg\"> $_GET[msg] </div>"; } ?>

<form name="form1" method="post" action="">
User
<input name="name" type="text" id="name">
Password:
<input name="pwd" type="password" id="pwd">
<input type="submit" name="Submit" value="Login">
<a href="register2.php">Register</a> | <a href="forgot2.php">Forgot</a>
</form>





home.php

Code

<?php
session_start();
if (!isset($_SESSION['user']))
{
 die ("Access Denied");
}
?>

<?php if (isset($_SESSION['user'])) { ?>
<p>Logged as
<b><?php echo $_SESSION['user']; ?></b> | <a href="logout.php">Logout</a> </p>
<?php } ?>





Three codes. I didn't post logout.php and register.php, which I think aren't needed for my question.

Thanks for helping.

-Nationz

Edited by on 28-03-09 09:40

RE: mysql account/user login
Posted on 28-03-09 12:19
From what I can tell, there isn't much more that you can do. You only use two inputs, name and pwd. And you escape the name and hash the pwd, so all input is safe.


RE: mysql account/user login
Posted on 28-03-09 13:50
MoshBat wrote:
Just shoving things like strip_tags() and addslashes() around the username input should help.

using strip_tags allowz 4 splitting a tag w/ itself ( <in<input>put> ) unless u recursive it. use htmlentities. iz better

mysql_real_escape_string does better then addslashes cuz it prevents attackz from different char sets n it escapes nl / cr chars. newlines could b used 2 segment n injection 2 hide from black list.

@person dat started thread: protect ur session w/ a uniq identifyer. sha1 / md5 username n a random hash, check that it matches username. not checkin dat user session var just exists




Edited by on 28-03-09 13:55

RE: mysql account/user login
Posted on 28-03-09 14:04
MoshBat wrote:
Dear lord. Could you write that in english?
Also, there are holes in mysql_real_escape_string. That's why using other filters is necessary.

nop. take it as u get it. there r more holes n addslashes than mysql_real, n mysql_real does wat addslashes do n more.


RE: mysql account/user login
Posted on 28-03-09 14:25
MoshBat wrote:
There are holes in both, true, but having both is better than just one.

define wrote:
mysql_real does wat addslashes do n more.

typecast vars, type chk functoins, mysqli parameturized functoins, regex white list... sumthing


RE: mysql account/user login
Posted on 28-03-09 18:39
By the way, how can I test if the code to prevent mysql injection works?
"sorry I don't know a lot about mysql injections"

And thanks for the previous answers.
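
An added example (not code from any poster in this thread) covering both the parameterized-query suggestion made earlier and the question above about testing: a login check built on a prepared statement, followed by constructed inputs that confirm quote characters are handled as data. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL and swaps md5() for password_hash()/password_verify(); the function names register_user and check_login are hypothetical.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so this runs with no
// server; table/column names follow the thread, the users are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulation so the server does the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE testdb (id INTEGER PRIMARY KEY,
            user_name TEXT UNIQUE, user_pwd TEXT)');

function register_user(PDO $pdo, $name, $pwd)
{
    $stmt = $pdo->prepare('INSERT INTO testdb (user_name, user_pwd) VALUES (?, ?)');
    // password_hash() (salted, slow) replaces the thread's md5().
    $stmt->execute(array($name, password_hash($pwd, PASSWORD_DEFAULT)));
}

// Returns the user id on success, false on any failure.
function check_login(PDO $pdo, $name, $pwd)
{
    // The ? placeholder sends $name as data, separate from the SQL text,
    // so quote characters in it cannot alter the statement.
    $stmt = $pdo->prepare('SELECT id, user_pwd FROM testdb WHERE user_name = ?');
    $stmt->execute(array($name));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($pwd, $row['user_pwd']) ? (int) $row['id'] : false;
}

register_user($pdo, 'george', 'correct horse');
register_user($pdo, "o'brien", 'battery staple');

// Constructed checks: [name, password, should the login succeed?]
$cases = array(
    array('george',  'correct horse',  true),
    array('george',  'wrong password', false),
    array("o'brien", 'battery staple', true),   // quote in a legitimate name
    array("george'", 'correct horse',  false),  // stray quote: no match, no SQL error
    array('',        '',               false),
);
foreach ($cases as $c) {
    $ok = check_login($pdo, $c[0], $c[1]) !== false;
    echo ($ok === $c[2] ? 'PASS' : 'FAIL'), "  name=", var_export($c[0], true), "\n";
}
```

Every line should print PASS; against MySQL only the DSN passed to the PDO constructor changes.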

RE: mysql account/user login
Posted on 28-03-09 18:46
read bout mysql injections or get sum1 dat knows bout em to test it


RE: mysql account/user login
Posted on 28-03-09 18:49
There are some good articles on this site on MySQL injections, and if you search Google you will get some handy ones there also.

RE: mysql account/user login
Posted on 28-03-09 20:45
nationz wrote:
By the way, how can I test if the code to prevent mysql injection works?
"sorry I don't know a lot about mysql injections"

And thanks for the previous answers.


They have plenty of challenges to get you started and get you in the right mindset for learning SQL injections. Just roam through the basic challenges and learn what you can. Use the articles that help you with those challenges, and don't ever forget about Google.