
Login Script


phpnoob


Hello. I just want to know: is this login script easy to hack? If yes, then show me a better one. This login script is only seen on the main website.

<?
function login()
{
    if ($_SESSION['loggedin'] !== true) {
        if (isset($_POST['login'])) {
            // Only addslashes() stands between the login name and the SQL text
            $nick = addslashes($_POST['loginname']);
            $pass = md5($_POST['pass']);
            $sql = "SELECT * FROM users WHERE nick='$nick' AND password='$pass'";
            $query = mysql_query($sql);
            if (mysql_num_rows($query) !== 0) {
                $_SESSION['nick'] = addslashes($_POST['loginname']);
                $_SESSION['loggedin'] = true;
                setcookie("nick", $nick, time()+7200);
                header("Location: ".$_SERVER['PHP_SELF']);
            } else {
                echo "Wrong nick/pass";
            }
        }
        // The password field is named "pass" so that it matches $_POST['pass'] read above
        echo '<div class="login"><h5>Login</h5> <form action="'.$_SERVER['PHP_SELF'].'" method="POST">'
            .' <input type="text" name="loginname" size="15"><br>'
            .' <input type="password" name="pass" size="15">'
            .' <input type="submit" name="login" value="OK"></form></div>';
    } else {
        echo '<div class="login"> Hello '.$_SESSION['nick'].'<a href="logout.php">Logout</a></div>';
    }
}
?>


Yes, it can easily be the target of SQL injection. The main problem is you are not testing the value of $_POST['loginname']. The link I posted explains how it is vulnerable. The simple answer is to use mysql_real_escape_string() on your data. addslashes() was designed for convenience, not security.

You can also restrict valid login names to certain characters. You cannot do this with "real" names, as the link shows. But it is good practice for login names. You can do this client side for better UI, but you must also do it server-side to protect against attackers.

FWIW, it is good practice to see if your POST variables actually contain data before you try to use it. I see you using the isset() function. You should apply it (or empty()) to all the POST data you want to use. THEN validate the content of those variables.

$_POST['pass'] is not vulnerable to attack (I'm pretty sure) because the first thing you do with it is hash it. But the ['pass'] element should still be tested to see (1) if it exists and (2) if it contains a value.

empty() does both of these things simultaneously, so I usually use it instead of isset.

isset() is usually sufficient for checking SESSION values, since I generally don't care what the value is.
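An added example, not part of the original post or thread: the checks listed above (field present and non-empty, login name restricted to a whitelist, value kept out of the SQL text) in one handler. It uses PDO prepared statements and password_hash()/password_verify() in place of the mysql_* functions and md5() shown in the thread (the mysql_* extension was removed in PHP 7); the function name check_login, the NICK_PATTERN policy, the users(nick, pass_hash) table and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Assumed policy for login names: 3-20 characters, letters, digits, underscore.
const NICK_PATTERN = '/\A[A-Za-z0-9_]{3,20}\z/';

/** Returns the user's nick on success, null on any failure. */
function check_login(PDO $db, array $post): ?string
{
    // 1. Both fields must exist, be strings, and be non-empty.
    $nick = $post['nick'] ?? '';
    $pass = $post['pass'] ?? '';
    if (!is_string($nick) || !is_string($pass) || $nick === '' || $pass === '') {
        return null;
    }
    // 2. Validate the content server-side before it is used anywhere.
    if (preg_match(NICK_PATTERN, $nick) !== 1) {
        return null;
    }
    // 3. Bound parameter: the value is never spliced into the SQL string.
    $stmt = $db->prepare('SELECT nick, pass_hash FROM users WHERE nick = ?');
    $stmt->execute([$nick]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // 4. Compare against a salted, slow hash instead of a bare md5().
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return null;
    }
    return $row['nick'];
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (nick TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed sample submissions, shaped like $_POST.
$attempts = [
    ['nick' => 'alice', 'pass' => 'correct horse'],     // matching credentials
    ['nick' => 'alice', 'pass' => 'wrong'],             // wrong password
    ['nick' => "alice' OR '1'='1", 'pass' => 'x'],      // quote characters in the name
    ['nick' => 'alice'],                                // password field missing
    ['nick' => ['a'], 'pass' => 'x'],                   // array sent instead of a string
];
foreach ($attempts as $post) {
    $who = check_login($db, $post);
    echo json_encode($post), ' => ', $who === null ? 'rejected' : "logged in as $who", "\n";
}
```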

Sorry, I made a big mistake: before I posted this login script I modified it :S Sorry. I only modified this code. This is the original code:

$sql = "SELECT * FROM users ";
$sql.= "WHERE (nick='".$nick."'";
$sql.= " AND password='".$pass."')";

And this is the modified code, and the injection works on it:

$sql ="SELECT * FROM users WHERE nick='$nick' AND password='$pass'";

I can't figure out why, but the MySQL injection does not work on the original code. But OK, I am modifying the login PHP.


Something is not right :S I am modifying the login script, and now, if I close the browser and go back to the website, I'm not logged in :S Help me :)

<?
function login()
{
    // Already logged in: greet the user. Otherwise show the login form.
    if ($_SESSION['loggedin'] == TRUE) {
        echo 'Hella '.$_SESSION['nick'].'<br><br><a href="logout.php">Log out</a>';
    } else {
        echo '<h5>Log In</h5><br> <form action="'.$_SERVER['PHP_SELF'].'" method="post">'
            .' <input type="text" value="Login name" onBlur="if(this.value==\'\') this.value=\'Login name\';" onFocus="if(this.value==\'Login name\') this.value=\'\';" name="nick" size="15"><br>'
            .' <input type="password" value="1234567890123" onBlur="if(this.value==\'\') this.value=\'1234567890123\';" onFocus="if(this.value==\'1234567890123\') this.value=\'\';" name="pass" size="15">'
            .' <input type="submit" name="login" value="OK"></form><br><br><br>';
    }
    // Handle a submitted form
    if ($_POST['login']) {
        if (!empty($_POST['nick']) && !empty($_POST['pass'])) {
            $nick = mysql_real_escape_string($_POST['nick']);
            $pass = mysql_real_escape_string(md5($_POST['pass']));
            $sql = "SELECT * FROM users ";
            $sql.= "WHERE (nick='".$nick."'";
            $sql.= " AND pass='".$pass."')";
            $query = mysql_query($sql);
            if (mysql_num_rows($query) == 1) {
                // The login state lives in the session; the cookie only carries the nick for 2 hours
                $_SESSION['nick'] = mysql_real_escape_string($_POST['nick']);
                $_SESSION['loggedin'] = TRUE;
                setcookie("nick", $nick, time()+7200);
                header("Location: ".$_SERVER['PHP_SELF']);
            } else {
                echo 'Wrong Pass/Nick';
            }
        } else {
            echo 'Enter a name and password.';
            die ();
        }
    }
}
?>


You are tracking the log in using the session. Sessions expire when you close the browser. If you want the user to always be logged in then you need to use cookies instead of sessions. You can set the expiration time on a cookie yourself, so it will last as long as you want it to.


Archived

This topic is now archived and is closed to further replies.
