Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

is my login script vulnerable to sql injection attacks, if yes, what should i do

Posted on 2007-11-16
3
Medium Priority
?
339 Views
Last Modified: 2013-12-13
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['user'])) {
  $loginUsername=$_POST['user'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "login.php";
  $MM_redirectLoginFailed = "login.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_mine, $mine);
 
  $LoginRS__query=sprintf("SELECT user_name, password, user_id, role, first_name, last_name, company_id, email FROM user WHERE user_name='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
   
  $LoginRS = mysql_query($LoginRS__query, $mine) or die(mysql_error());
  $row_LoginRS = mysql_fetch_assoc($LoginRS);
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
      $GLOBALS['user1'] = $row_LoginRS['user_id'];      
      $GLOBALS['level'] = $row_LoginRS['role'];
      $GLOBALS['name'] = $row_LoginRS['first_name'];      
      $GLOBALS['lname'] = $row_LoginRS['last_name'];
      $GLOBALS['comp'] = $row_LoginRS['company_id'];      
      $GLOBALS['email'] = $row_LoginRS['email'];
      $GLOBALS['MM_UserGroup'] = $loginStrGroup;           

//register the session variables
session_start();
session_register("MM_Username");
session_register('user1');      
session_register('level');
session_register('name');
session_register('lname');
session_register('comp');
session_register('email');
session_register("MM_UserGroup");
$valid_user = 1;

0
Comment
Question by:jblayney
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 3

Expert Comment

by:kylealanhale
ID: 20299465
Well, you do add slashes, that's good.  The only other thing I would suggest would be to put anything (such as those username and password values) through quick regex check to make sure they only have the characters you want.  Something like
if (!preg_match('/[^\w\d!@#]{6,15}$/', $username)) die('Invalid username.');

Open in new window

0
 
LVL 3

Accepted Solution

by:
kylealanhale earned 800 total points
ID: 20299486
Sorry, small typo; here's a (hopefully) bug free example.  Untested, but the principle is true.  By the way, this checks for a username between 6 and 15 characters long, either a letter or a number, or the character !, @, or #.
if (!preg_match('/^[a-zA-Z\d!@#]{6,15}$/', $username)) die('Invalid username.');

Open in new window

0
 
LVL 1

Author Comment

by:jblayney
ID: 20300081
thank you
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question