[Tool/Web/Other] UCP 0.1
#1

Hey guys,
Last night I started making a UCP system for my server, so I wanted to discuss the possible security issues with the code with you. It consists of 3 files: index.php, connect.php and login.php.
Please don't mind the current layout, because it is only a work in progress; I am just interested in the possible security issues.

index.php
Code:
<html>
<head><title>Balkan Underground UCP</title></head>
<body>
<form action="login.php" method="post">
<table align="center">
<tr>
<td align="center">
<b><font size="4" color="#000080">Balkan Underground UCP</font></b>
</td>
</tr>
<tr align="center">
<td>
<p><input type="text" name="User" size="20" /></p>
<p><input type="password" name="Password" size="20" /></p>
</td>
</tr>
<tr>
<td align="center">
<p><input type="submit" />
<input type="reset" /> </p>
</td>
</tr>
</table>
</form>
</body>
</html>
connect.php
Code:
<?php
$con = mysql_connect("localhost","testuser","*********");
mysql_select_db("testuser");
?>
login.php
Code:
<?php
include("connect.php");
session_start();
if (!$con)
  {
  // Connection failure: the raw mysql_error() text is shown to the visitor
  die('Could not connect: ' . mysql_error());
  }
  // Returning visitor: the credentials are kept in the session (as plaintext)
  if(isset($_SESSION["Username"]))
  {
    $user = $_SESSION["Username"];
    $pass = $_SESSION["Password"];
  }
  else
  {
    // First visit: take the credentials from the login form and remember them
    $user = $_POST["User"]; 
    $pass = $_POST["Password"];
    $_SESSION['Username'] = $user;
    $_SESSION['Password'] = $pass;
  }
  // Escape for the SQL query on both paths (this used to happen only in the
  // else branch, which left $escuser and $escpass undefined for session logins)
  $escuser = mysql_real_escape_string($user);
  $escpass = mysql_real_escape_string($pass);
  $query = "SELECT * FROM users WHERE pUsername = '$escuser'";
  $result = mysql_query($query);
  $username_exist = mysql_num_rows($result);
  if($username_exist == 0)
  {
    echo 'That profile does not exist! <br />';
    echo '<a href="index.php">Go back</a>';
    unset($_SESSION['Username']);
    unset($_SESSION['Password']);
    die;
  }  
  $row = mysql_fetch_row($result);
  // The stored password column is compared directly with the SQL-escaped password
  if($row[2] !== $escpass)
  {
    echo 'Password is not valid!  <br />';
    echo '<a href="index.php">Go back</a>';
    unset($_SESSION['Username']);
    unset($_SESSION['Password']);
    die;
  }

// The username is echoed into the page with only SQL escaping applied
$message = "Welcome $escuser!<br />";
echo $message;
echo "<br />";
echo "
<table border = 1>
  <tr>
    <td>Level</td>
    <td>$row[7]</td>
  </tr>
  <tr>
    <td>Expirience</td>
    <td>$row[8]</td>
  </tr>
  <tr>
    <td>Hours Played</td>
    <td>$row[9]</td>
  </tr>

  <tr>
    <td>Money</td>
    <td>$$row[10]</td>
  </tr>
  <tr>
    <td>Bank</td>
    <td>$$row[11]</td>
  </tr>
</table>";
?>
Live test: URL
User: demo
Pass: demo
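A hardened rewrite of the login.php logic, added here as an example and not part of the original post: prepared statements instead of string-built SQL, password_verify() against a password_hash() column instead of comparing a plaintext column with the escaped password, a regenerated session that holds the user id rather than the password, one generic failure message for both "no such user" and "wrong password", and htmlspecialchars() on everything echoed into the page. The column names pPasswordHash and pLevel and the file name login_hardened.php are assumptions (only pUsername appears in the original); the in-memory SQLite database and the demo account are constructed so the script runs offline with `php login_hardened.php`.

```php
<?php
// Added example, not the poster's code. Assumed users table: id, pUsername,
// pPasswordHash (a password_hash() result) and pLevel. SQLite in memory is used
// so this runs offline; for MySQL change the DSN and add
// PDO::ATTR_EMULATE_PREPARES => false to the options.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY,
        pUsername TEXT NOT NULL UNIQUE,
        pPasswordHash TEXT NOT NULL,
        pLevel INTEGER NOT NULL DEFAULT 1)');
    // Constructed demo account: a salted bcrypt hash is stored, never the plaintext.
    $ins = $db->prepare('INSERT INTO users (pUsername, pPasswordHash, pLevel) VALUES (:u, :h, :l)');
    $ins->execute([':u' => 'demo', ':h' => password_hash('demo', PASSWORD_DEFAULT), ':l' => 5]);
    return $db;
}

function authenticate(PDO $db, string $user, string $pass): ?array
{
    // Bound parameter: the username travels as data, never as part of the SQL text,
    // so a quote in it cannot change the query.
    $stmt = $db->prepare('SELECT id, pUsername, pPasswordHash, pLevel FROM users WHERE pUsername = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throw-away hash when the user is unknown, so the response
    // time does not reveal which usernames exist.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    $hash = ($row !== false) ? $row['pPasswordHash'] : $dummyHash;
    $ok = password_verify($pass, $hash);   // the raw password, not an SQL-escaped copy
    if ($row === false || !$ok) {
        return null;                       // one generic failure for both cases
    }
    unset($row['pPasswordHash']);          // the hash is not needed past this point
    return $row;
}

function login_session(array $row): void
{
    // A fresh session id on login defeats session fixation; keep only the
    // user id and name in the session, never the password.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $row['id'];
    $_SESSION['username'] = $row['pUsername'];
}

function h(string $s): string
{
    // HTML output encoding; SQL escaping does nothing against <script> in a username.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_profile(array $row): string
{
    $html = '<p>Welcome ' . h($row['pUsername']) . "!</p>\n<table border=\"1\">\n";
    $html .= '  <tr><td>Level</td><td>' . h((string) $row['pLevel']) . "</td></tr>\n";
    return $html . "</table>\n";
}

if (PHP_SAPI === 'cli') {
    // Offline demonstration against the constructed database, including two
    // injection-style inputs that the prepared statement turns into plain data.
    $db = open_db();
    $attempts = [['demo', 'demo'], ['demo', "demo' OR '1'='1"], ["demo' --", 'demo'], ['nobody', 'x']];
    foreach ($attempts as [$u, $p]) {
        $row = authenticate($db, $u, $p);
        printf("%-12s %-18s => %s\n", $u, $p, $row === null ? 'rejected' : 'accepted, level ' . $row['pLevel']);
    }
    echo render_profile(authenticate($db, 'demo', 'demo'));
} else {
    session_start();
    $row = authenticate(open_db(), (string) ($_POST['User'] ?? ''), (string) ($_POST['Password'] ?? ''));
    if ($row === null) {
        http_response_code(401);
        echo 'Login failed. <a href="index.php">Go back</a>';
        exit;
    }
    login_session($row);
    echo render_profile($row);
}
```

Run from the command line it accepts only demo/demo and rejects the three other attempts; the same functions serve the POST path from index.php. Note that it still does nothing about login CSRF or rate limiting, and that the database credentials belong in a file outside the web root rather than next to the query code as in connect.php.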


Messages In This Thread
UCP 0.1 - by Gigi-The-Beast - 23.04.2011, 09:52
