Posted by Jerry Stuckle on 03/28/07 20:42
Nosferatum wrote:
> This script is meant to limit access by sessions, using username and
> password from mysql db and redirect users after login according to a
> given value belonging to each user in the db (10,20,30,40).
>
> (the included config is just server settings, the login is just a
> login form).
>
> The script appear to connect but will not redirect users, it seems
> that even with correct login details, it won't validate.
>
> this code is in top of each protected page granting access to users
> with user level 10:
> <?php $allow = array (10);include ("../protect/protect.php"); ?>
>
>
> THE SCRIPT (protect.php):
>
> <?php
>
> session_start ();
>
> // --------------------------------THE
> VARIABLES---------------------------------- //
>
> @include ("config.php");
>
> // ----------------------------------THE CODE
> ------------------------------------ //
>
> function clearance ($user_value, $pass_value, $level_value,
> $userlevel_value, $table_value, $column1, $column2, $path) { //
> Function to see if user can login
>
> $check = mysql_query ("SELECT $userlevel_value FROM $table_value
> WHERE username='$user_value' AND password='$pass_value'"); // Query to
> see if user exists
>
You should check whether $check holds a result set or false (the latter indicating an error). Since $user_value and $pass_value come straight from $_POST and are interpolated into the SQL unescaped, unexpected input can make the query fail, and every later call on $check then operates on false.
> $verify = mysql_num_rows ($check);
>
>
>
> $get = mysql_fetch_array ($check);
>
Don't try to fetch the array unless the return from mysql_query() is a
result set and mysql_num_rows is > 0.
> if (count ($level_value) != 0) { // If the allow array contains
> userlevels
>
> if (in_array ($get[$userlevel_value], $level_value) && $verify > 0)
> { // Search allow to see if userlevels match
>
> $_SESSION['username'] = $user_value; // Register sessions
> $_SESSION['password'] = $pass_value; // password
> $_SESSION['userlevel'] = $get[$userlevel_value];
>
> }
> //redirect users according to user level
> if ($verify > 0); {
> $row = mysql_fetch_array($check);
You just fetched the array up above. This call will attempt to get the second row in the result set; with a single matching user there is none, so $row is false and the switch below always falls through to the default case. Is this what you want?
> }
>
> switch($row['userlevel_value']) {
> case '10':
> header("location:/hidden/folder1/index.php");
> break;
> case '20':
> header("location:/hidden/folder2/index.php");
> break;
> case '30':
> header("location:/hidden/folder3/index.php");
> break;
> case '40':
> header("location:/hidden/folder4/index.php");
> break;
> default:
> printf("Invalid username and password<br>\n");
> }
> //end redirect
>
>
>
> } else {
>
> if ($verify == 0) { // If attempt fails then redirect to login page
>
> $_SESSION = array();
>
> $error = "Sorry, invalig login";
>
> @include ("login.php");
>
> exit;
>
> }
>
> if ($verify > 0) { // If attempt is good then register the user
>
> $_SESSION['username'] = $user_value;
> $_SESSION['password'] = $pass_value;
>
> }
>
> }
>
> }
>
> function protect ($level_value, $password_value, $userlevel_value,
> $table_value, $column1, $path) { // Function to keep pages secure
>
> if (!isset ($_SESSION['username'])) { // If session doesn't exist
> then get user to login
>
> if (isset ($_POST['username']) && isset ($_POST['password'])) {
>
> $error = "Sorry, username or password doesnt fit";
>
> }
>
> $_SESSION = array();
>
$_SESSION is already an array, and this assignment wipes out everything in it. Don't do this; unset the specific keys you need to clear instead.
> @include ("login.php");
>
Why are you including this twice? Make it a function and include it
once at the top. Then call that function if necessary.
> exit;
>
> } else { // If user is logged in check to see if session is valid and
> that they have the required userlevel
>
> $check = mysql_query ("SELECT $password_value, $userlevel_value FROM
> $table_value WHERE $column1='$_SESSION[username]'"); // Query to see
> if user exists
>
> $verify = mysql_num_rows ($check);
>
> $get = mysql_fetch_array ($check);
>
> if ($verify == 0) {
>
> $_SESSION = array();
>
Again, don't try to set $_SESSION to an array.
> $error = "Something wrong with your login";
>
> @include ("login.php");
>
And a third time?
> exit;
>
> }
>
> if ($verify > 0 && count ($level_value) != 0) {
>
> if (!in_array ($get[$userlevel_value], $level_value)) { // Check to
> see if the users userlevel allows them to view the page
>
> $error = "Sorry, no access";
>
> @include ("login.php");
>
>
FOUR times?
exit; // Ensure no other data is sent
>
> }
>
> }
>
>
>
> }
>
> }
>
> if (isset ($_POST['username']) && isset ($_POST['password'])) { // If
> user submits login information then validate it
>
> clearance ($_POST['username'], $_POST['password'], $allow,
> $userlevel, $table, $username, $password, $path);
>
> }
>
> protect ($allow, $password, $userlevel, $table, $username, $path);
>
> mysql_close ($link); // Close the database connection for security
> reasons
>
> // -----------------------------------THE END
> ------------------------------------ //
>
> ?>
>
Just what I saw from a quick glance. There may be more.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================