Posted by Phil Latio on 11/01/06 19:09
Found the below script in a book I am reading.
However, it seems to me to have a fatal flaw: if you run it but type in the
wrong details, you're basically buggered. As far as I can see, whatever
is initially entered into PHP_AUTH_USER and PHP_AUTH_PW is stored and then
compared against the database. However, #10 simply looks for the presence of
data in PHP_AUTH_USER and PHP_AUTH_PW, finds something and compares it
again, in a loop you cannot break out of.
Can someone confirm what I am saying, or have I missed something obvious?
Cheers
Phil
<?php
/* Program: Auth.php
 * Desc:    Program that prompts for a user name and
 *          password from the user using HTTP authentication.
 *          The program then tests whether the user
 *          name and password match a user name and password
 *          pair stored in a MySQL database.
 */
//Testing whether the user has been prompted for a user name
if (!isset($_SERVER['PHP_AUTH_USER']))                       #10
{
    header('WWW-Authenticate: Basic realm="secret section"');
    header('HTTP/1.0 401 Unauthorized');                     #13
    exit("This page requires authentication!");              #14
}                                                            #15
// Testing the user name and password entered by the user
else                                                         #18
{
    include("Vars.inc");                                     #20
    $user_name = trim($_SERVER['PHP_AUTH_USER']);            #21
    $user_password = trim($_SERVER['PHP_AUTH_PW']);
    $connection = mysqli_connect($host, $user, $passwd)
        or die("Couldn't connect to server.");               #24
    $db = mysqli_select_db($connection, $database)
        or die("Couldn't select database.");
    $sql = "SELECT user_name FROM Valid_User
            WHERE user_name = '$user_name'
            AND password = md5('$user_password')";
    $result = mysqli_query($connection, $sql)
        or die("Couldn't execute query.");                   #31
    $num = mysqli_num_rows($result);                         #32
    if ($num < 1) // user name/password not found            #33
    {
        exit("The User Name or password you entered is not valid.<br>");
    }                                                        #37
}                                                            #38
// Web page content.                                         #39
include ("Welcome.inc");                                     #40
?>
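One way to avoid the behaviour described in the post, as an added example that is not part of the original post or the book's script: answer a failed check with the 401 challenge again, so the browser discards the credentials it cached for the realm and re-prompts. It also replaces the interpolated query and md5() with a bound parameter and password_verify(). Assumptions: Vars.inc defines $host, $user, $passwd and $database as in the post, and Valid_User has a hypothetical password_hash column filled by password_hash(); the function names are illustrative.

```php
<?php
// Added example, not the book's Auth.php. Assumes Vars.inc defines $host,
// $user, $passwd, $database, and that Valid_User has a hypothetical
// password_hash column written with password_hash().

// Send the Basic challenge. A 401 makes the browser drop the credentials
// it cached for this realm and prompt the user again.
function challenge(string $message): void
{
    header('WWW-Authenticate: Basic realm="secret section"');
    header('HTTP/1.0 401 Unauthorized');
    exit($message);
}

// Look the user up with a bound parameter, then verify the password in PHP.
function credentials_valid(mysqli $db, string $name, string $password): bool
{
    $stmt = mysqli_prepare($db,
        'SELECT password_hash FROM Valid_User WHERE user_name = ?');
    if ($stmt === false) {
        return false;                      // fail closed on a query error
    }
    mysqli_stmt_bind_param($stmt, 's', $name);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);     // true = row fetched, null = none
    mysqli_stmt_close($stmt);
    return $found === true && password_verify($password, $hash);
}

// First visit: nothing sent yet, so ask for credentials.
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    challenge('This page requires authentication!');
}

include 'Vars.inc';
$connection = mysqli_connect($host, $user, $passwd, $database)
    or exit("Couldn't connect to server.");

if (!credentials_valid($connection, $_SERVER['PHP_AUTH_USER'],
                       $_SERVER['PHP_AUTH_PW'])) {
    // Wrong details: challenge again instead of a 200 page with an error.
    challenge('The User Name or password you entered is not valid.');
}

// Web page content.
include 'Welcome.inc';
```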