Re: What's wrong with this security script?

Posted by Jerry Stuckle on 03/28/07 20:42

Nosferatum wrote:
> This script is meant to limit access by sessions, using username and
> password from a MySQL db and redirect users after login according to a
> given value belonging to each user in the db (10,20,30,40).
> (The included config is just server settings, the login is just a
> login form.)
> The script appears to connect but will not redirect users; it seems
> that even with correct login details, it won't validate.
> This code is at the top of each protected page, granting access to users
> with user level 10:
> <?php $allow = array (10);include ("../protect/protect.php"); ?>
> THE SCRIPT (protect.php):
> <?php
> session_start ();
> // -------------------------------- THE VARIABLES ---------------------------------- //
> @include ("config.php");
> // ---------------------------------- THE CODE ------------------------------------ //
> function clearance ($user_value, $pass_value, $level_value, $userlevel_value, $table_value, $column1, $column2, $path) { // Function to see if user can login
> $check = mysql_query ("SELECT $userlevel_value FROM $table_value WHERE username='$user_value' AND password='$pass_value'"); // Query to see if user exists

You should check to see if $check contains a result set or false (the
latter indicating an error).

> $verify = mysql_num_rows ($check);
> $get = mysql_fetch_array ($check);

Don't try to fetch the array unless the return from mysql_query() is a
result set and mysql_num_rows is > 0.

> if (count ($level_value) != 0) { // If the allow array contains userlevels
> if (in_array ($get[$userlevel_value], $level_value) && $verify > 0) { // Search allow to see if userlevels match
> $_SESSION['username'] = $user_value; // Register sessions
> $_SESSION['password'] = $pass_value; // password
> $_SESSION['userlevel'] = $get[$userlevel_value];
> }
> //redirect users according to user level
> if ($verify > 0); {
> $row = mysql_fetch_array($check);

You just fetched the array up above. This will attempt to get the
second row in the result set. Is this what you want?

> }
> switch($row['userlevel_value']) {
> case '10':
> header("location:/hidden/folder1/index.php");
> break;
> case '20':
> header("location:/hidden/folder2/index.php");
> break;
> case '30':
> header("location:/hidden/folder3/index.php");
> break;
> case '40':
> header("location:/hidden/folder4/index.php");
> break;
> default:
> printf("Invalid username and password<br>\n");
> }
> //end redirect
> } else {
> if ($verify == 0) { // If attempt fails then redirect to login page
> $_SESSION = array();
> $error = "Sorry, invalid login";
> @include ("login.php");
> exit;
> }
> if ($verify > 0) { // If attempt is good then register the user
> $_SESSION['username'] = $user_value;
> $_SESSION['password'] = $pass_value;
> }
> }
> }
> function protect ($level_value, $password_value, $userlevel_value, $table_value, $column1, $path) { // Function to keep pages secure
> if (!isset ($_SESSION['username'])) { // If session doesn't exist then get user to login
> if (isset ($_POST['username']) && isset ($_POST['password'])) {
> $error = "Sorry, username or password doesn't fit";
> }
> $_SESSION = array();

$_SESSION is already an array - which you just wiped out. Don't do
this. Unset the appropriate array values if necessary.

> @include ("login.php");

Why are you including this twice? Make it a function and include it
once at the top. Then call that function if necessary.

> exit;
> } else { // If user is logged in check to see if session is valid and that they have the required userlevel
> $check = mysql_query ("SELECT $password_value, $userlevel_value FROM $table_value WHERE $column1='$_SESSION[username]'"); // Query to see if user exists
> $verify = mysql_num_rows ($check);
> $get = mysql_fetch_array ($check);
> if ($verify == 0) {
> $_SESSION = array();

Again, don't try to set $_SESSION to an array.

> $error = "Something wrong with your login";
> @include ("login.php");

And a third time?

> exit;
> }
> if ($verify > 0 && count ($level_value) != 0) {
> if (!in_array ($get[$userlevel_value], $level_value)) { // Check to see if the users userlevel allows them to view the page
> $error = "Sorry, no access";
> @include ("login.php");

FOUR times?
> exit; // Ensure no other data is sent
> }
> }
> }
> }
> if (isset ($_POST['username']) && isset ($_POST['password'])) { // If user submits login information then validate it
> clearance ($_POST['username'], $_POST['password'], $allow, $userlevel, $table, $username, $password, $path);
> }
> protect ($allow, $password, $userlevel, $table, $username, $path);
> mysql_close ($link); // Close the database connection for security reasons
> // ----------------------------------- THE END ------------------------------------ //
> ?>

Just what I saw from a quick glance. There may be more.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
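An added example, not the poster's script and not code from this reply: the same protect.php logic with the problems raised above fixed (the unchecked query result, fetching before checking the row count, the double fetch, wiping $_SESSION, and the four copies of the login include), plus two the reply does not mention but the quoted code shows: the queries are built by interpolating $_POST values straight into SQL, so they are open to SQL injection, and each header("location:...") is never followed by exit. It runs stand-alone on an in-memory SQLite database through PDO instead of the original's MySQL connection; the users table, its column names, and the two sample accounts are assumptions made here, and login.php is not needed to run it.

```php
<?php
// Added example, not the original poster's script: the same protect.php
// logic with the bugs discussed above removed. Runs stand-alone on an
// in-memory SQLite database through PDO; the table and column names and
// the two sample accounts are assumptions made here.
declare(strict_types=1);

// Landing page per user level, as in the switch in the quoted script.
const LEVEL_PAGES = [
    10 => '/hidden/folder1/index.php',
    20 => '/hidden/folder2/index.php',
    30 => '/hidden/folder3/index.php',
    40 => '/hidden/folder4/index.php',
];

function open_db(): PDO
{
    // ERRMODE_EXCEPTION: a failed query throws instead of returning false,
    // so the "is $check a result set or false?" test cannot be forgotten.
    $db = new PDO('sqlite::memory:', null, null,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY,
               password_hash TEXT NOT NULL, userlevel INTEGER NOT NULL)');
    // Constructed sample accounts; only a password hash is stored.
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    foreach ([['alice', 'correct horse', 10], ['bob', 'battery staple', 30]] as [$u, $p, $lvl]) {
        $ins->execute([$u, password_hash($p, PASSWORD_DEFAULT), $lvl]);
    }
    return $db;
}

// Returns the user level on a good login, null otherwise. The username is
// bound as a parameter, so input like "' OR '1'='1" is compared literally
// instead of rewriting the query as it does in the original's string-built SQL.
function clearance(PDO $db, string $user, string $pass): ?int
{
    $q = $db->prepare('SELECT password_hash, userlevel FROM users WHERE username = ?');
    $q->execute([$user]);
    $row = $q->fetch(PDO::FETCH_ASSOC);   // false when no row matched: nothing to fetch
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;                      // same answer for unknown user and wrong password
    }
    return (int) $row['userlevel'];
}

// Record a verified login. Only the username and level go into the session;
// the password never does. A fresh session id blocks session fixation.
function login_user(array &$session, string $user, int $level): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $session['username'] = $user;
    $session['userlevel'] = $level;
}

// Drop the login keys individually rather than overwriting the whole array.
function logout_user(array &$session): void
{
    unset($session['username'], $session['userlevel']);
}

// Page guard: true when the session names a user who still exists and whose
// current level is in $allow. Re-reading the level from the database means a
// demotion takes effect immediately rather than when the session expires.
function protect(PDO $db, array $session, array $allow): bool
{
    if (!isset($session['username'])) {
        return false;
    }
    $q = $db->prepare('SELECT userlevel FROM users WHERE username = ?');
    $q->execute([$session['username']]);
    $level = $q->fetchColumn();
    return $level !== false && in_array((int) $level, $allow, true);
}

// Send the redirect and stop. header() alone does not end the script, so
// without the exit the protected page body would still be generated and sent.
function redirect_and_stop(string $path): void
{
    header('Location: ' . $path, true, 303);
    exit;
}

// Demonstration on the constructed accounts (CLI-safe: no headers, no exit).
$db = open_db();
$session = [];
foreach ([["' OR '1'='1", 'anything'], ['alice', 'wrong'], ['bob', 'battery staple']] as [$u, $p]) {
    $level = clearance($db, $u, $p);
    echo $u, ': ', $level === null ? 'rejected' : "level $level, page " . LEVEL_PAGES[$level], PHP_EOL;
}
login_user($session, 'bob', 30);
echo 'bob on a level-10 page: ', protect($db, $session, [10]) ? 'allowed' : 'denied', PHP_EOL;
echo 'bob on a level-30 page: ', protect($db, $session, [30]) ? 'allowed' : 'denied', PHP_EOL;
logout_user($session);
echo 'after logout: ', protect($db, $session, [30]) ? 'allowed' : 'denied', PHP_EOL;
```

Wired into a real protect.php, the page would call session_start(), pass $_SESSION to login_user()/protect(), and, on a successful POST, call redirect_and_stop(LEVEL_PAGES[$level]); when protect() returns false it would render the login form from one function that sets $error, requires login.php and exits, instead of the four separate @include calls in the quoted script. The password column has to hold password_hash() output for this to work; the original's plaintext password comparison in SQL cannot be kept.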


Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация