Login

Gigi-The-Beast · 23.04.2011, 09:52

Hey guys
Last night I started making an UCP System for my server, so I wanted to discuss with you the possible security issues with the code. It is consisted from 3 files, index.php, connect.php and login.php.
Please don't mind the current layout because it is only a work in progress, I am just interested in the possible security issues.

index.php

Код:

<html>
<head><title>Balkan Underground UCP</title></head>
<body>
<form action="login.php" method="post">
<table align="center">
<tr>
<td align="center">
<b><font size="4" color="#000080">Balkan Underground UCP</font></b>
</td>
</tr>
<tr align="center">
<td>
<p><input type="text" name="User" size="20" /></p>
<p><input type="password" name="Password" size="20" /></p>
</td>
</tr>
<tr>
<td align="center">
<p><input type="submit" />
<input type="reset" /> </p>
</td>
</tr>
</table>
</form>
</body>
</html>

connect.php

Код:

<?php
$con = mysql_connect("localhost","testuser","*********");
mysql_select_db("testuser");
?>

login.php

Код:

<?php
include("connect.php");
session_start();
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
  if(isset($_SESSION["Username"]))
  {
    $user = $_SESSION["Username"];
    $pass = $_SESSION["Password"];
  }
  else
  {
    $user = $_POST["User"]; 
    $pass = $_POST["Password"];
    $_SESSION['Username'] = $user;
    $_SESSION['Password'] = $pass;
    $escuser = mysql_real_escape_string($user);
    $escpass = mysql_real_escape_string($pass);
  }
  $query = "SELECT * FROM users WHERE pUsername = '$escuser'";
  $result = mysql_query($query);
  $username_exist = mysql_num_rows($result);
  if($username_exist == 0)
  {
    echo 'That profile does not exist! <br />';
    echo '<a href="index.php">Idi nazad</a>';
    unset($_SESSION['Username']);
    unset($_SESSION['Password']);
    die;
  }  
  $row = mysql_fetch_row($result);
  if($row[2] !== $escpass)
  {
    echo 'Password is not valid!  <br />';
    echo '<a href="index.php">Idi nazad</a>';
    unset($_SESSION['Username']);
    unset($_SESSION['Password']);
    die;
  }

$message = "Welcome $escuser!<br />";
echo $message;
echo "<br />";
echo "
<table border = 1>
  <tr>
    <td>Level</td>
    <td>$row[7]</td>
  </tr>
  <tr>
    <td>Expirience</td>
    <td>$row[8]</td>
  </tr>
  <tr>
    <td>Hours Played</td>
    <td>$row[9]</td>
  </tr>

  <tr>
    <td>Money</td>
    <td>$$row[10]</td>
  </tr>
  <tr>
    <td>Bank</td>
    <td>$$row[11]</td>
  </tr>
</table>";
?>

Live test: URL
User: demo
Pass: demo

[ADC]Aldi96 · 23.04.2011, 09:52

what's this !!!!!!!!!!!!!

Sensitive · 23.04.2011, 09:53

This is a UCP where people can see their stats

Oliverraisk · 23.04.2011, 09:58

It might have future. 1st of all do some graphics, then move on to admin cp, where admins can change users stats passwords, etc.
Edit: Haha lol, bu-rp.info, kinda funny

Gigi-The-Beast · 23.04.2011, 10:10

Quote:

Originally Posted by Oliverraisk

Edit: Haha lol, bu-rp.info, kinda funny

and why is that so?

PHP код:



function sanitizeString($var){

$var = stripslashes($var);

$var = htmlentities($var);

$var = strip_tags($var);

return $var;

}

Use this for escaping forms.

PHP код:



function sanitizeSQL($var){

$var = mysql_real_escape_string($var);

$var = sanitizeString($var);

return $var;

}

Use this for escaping mysql string.

These codes are efficient and enhances security against SQL and XSS attacks.

If you want more security against passwords use this technique:

PHP код:





$Salt1 = "#$@#%#$!@$@#1234223233";

$Salt2 = "#*$(#@$&AJDSU#341224334";

$Hash = md5("$Salt1$password$Salt2");

Gigi-The-Beast · 23.04.2011, 10:22

thank you very much xFlawless, I expected your answer

TheArcher · 23.04.2011, 10:24

Nice UCP but you should add some graphic on it

Gigi-The-Beast · 23.04.2011, 10:28

yea, I know, it's only in 0.1

last night i started developing, when I add more stuff, I'll release it here
thank you for your comment

23.04.2011, 10:29

No problem, check my post i edited it.

Gigi-The-Beast · 23.04.2011, 10:43

niiice, very clever

TheArcher · 23.04.2011, 12:03

Yes, but the people needs to modify something in the script like pUsername depends what they have in script

Gigi-The-Beast · 23.04.2011, 12:05

this is not released yet to be used by the public, i've opened this topic to get usefull info about better security than the one that has been implemented in the curent script

royal_king · 23.04.2011, 16:19

Can you please post all files by compressing them in a .rar or .zip and upload and share? or you just want help in coding that for you created topic?

23.04.2011, 16:20

Quote:

Originally Posted by royal_king

Can you please post all files by compressing them in a .rar or .zip and upload and share? or you just want help in coding that for you created topic?

If you can understand he mentioned he wants to know possible security issues.

LoLaMan · 24.04.2011, 20:18

add .db file

TheArcher · 24.04.2011, 20:20

read above guys:

Quote:

Originally Posted by Gigi-The-Beast

this is not released yet to be used by the public, i've opened this topic to get usefull info about better security than the one that has been implemented in the curent script

CODMW5 Owner · 24.04.2011, 21:04

Can you post another demo link?

NicoBellic · 24.04.2011, 22:03

Nice work but why don't you use a MVC framework? It can semplify your life a lot

Gigi-The-Beast · 25.04.2011, 16:32

can you explain a bit more?

Login
Username:
Password:	Lost Password?
	Remember me