Solved

is my login script vulnerable to sql injection attacks, if yes, what should i do

Posted on 2007-11-16
3
331 Views
Last Modified: 2013-12-13
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
  $GLOBALS['PrevUrl'] = $accesscheck;
  session_register('PrevUrl');
}

if (isset($_POST['user'])) {
  $loginUsername=$_POST['user'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "login.php";
  $MM_redirectLoginFailed = "login.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_mine, $mine);
 
  $LoginRS__query=sprintf("SELECT user_name, password, user_id, role, first_name, last_name, company_id, email FROM user WHERE user_name='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
   
  $LoginRS = mysql_query($LoginRS__query, $mine) or die(mysql_error());
  $row_LoginRS = mysql_fetch_assoc($LoginRS);
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
   
    //declare two session variables and assign them
    $GLOBALS['MM_Username'] = $loginUsername;
      $GLOBALS['user1'] = $row_LoginRS['user_id'];      
      $GLOBALS['level'] = $row_LoginRS['role'];
      $GLOBALS['name'] = $row_LoginRS['first_name'];      
      $GLOBALS['lname'] = $row_LoginRS['last_name'];
      $GLOBALS['comp'] = $row_LoginRS['company_id'];      
      $GLOBALS['email'] = $row_LoginRS['email'];
      $GLOBALS['MM_UserGroup'] = $loginStrGroup;           

//register the session variables
session_start();
session_register("MM_Username");
session_register('user1');      
session_register('level');
session_register('name');
session_register('lname');
session_register('comp');
session_register('email');
session_register("MM_UserGroup");
$valid_user = 1;

0
Comment
Question by:jblayney
  • 2
3 Comments
 
LVL 3

Expert Comment

by:kylealanhale
ID: 20299465
Well, you do add slashes, that's good.  The only other thing I would suggest would be to put anything (such as those username and password values) through quick regex check to make sure they only have the characters you want.  Something like
if (!preg_match('/[^\w\d!@#]{6,15}$/', $username)) die('Invalid username.');

Open in new window

0
 
LVL 3

Accepted Solution

by:
kylealanhale earned 200 total points
ID: 20299486
Sorry, small typo; here's a (hopefully) bug free example.  Untested, but the principle is true.  By the way, this checks for a username between 6 and 15 characters long, either a letter or a number, or the character !, @, or #.
if (!preg_match('/^[a-zA-Z\d!@#]{6,15}$/', $username)) die('Invalid username.');

Open in new window

0
 
LVL 1

Author Comment

by:jblayney
ID: 20300081
thank you
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
mysql update statement 3 23
Insert values are dynamic 11 42
Dynamic varibles 5 34
PHP Syntax Error 4 27
This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to dynamically set the form action using jQuery.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question