Re: trying to figure out the best/efficient way to tell who is logged into a site..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



----- Original Message ----- From: "Ben" <ben@xxxxxxxxxxxxxxxxx>
Newsgroups: php.general
To: "Gustav Wiberg" <gustav@xxxxxxxxxxxxxx>
Sent: Wednesday, September 14, 2005 7:35 PM
Subject: Re: trying to figure out the best/efficient way to tell who is logged into a site..


Gustav Wiberg wrote:

All you guys, please comment if the code is well or bad written and why... :-)

Since you asked, a few things popped out from a security perspective, though I didn't read through your code very thoroughly....


<?php

function chkIfPasswordTrue($un, $pw, $typeUser) {

//Make username and password in-casesensitive
//
$un = strtolower($un);

$pw = strtolower($pw);


Why limit your usernames/passwords to lower case? You've just made them significantly easier to brute force.

That's a good point. The reason is that our targetgroup users is users with a little knowledge of computers and therefore it might be easy to miss that caps-lock is pushed in, and out... and the combination of small and big letters... But you're right... Probably I'll change this. Thanx!




$sql = $sql . "SELECT IDAnvandare FROM tbanvandare WHERE";

$sql = $sql . " Anvandarnamn=" . safeQuote($un) . " AND";

$sql = $sql . " Losenord=" . safeQuote($pw) . " AND";


Where is your safeQuote() function coming from? From what I can see of your code you aren't doing any testing against the username and password before they are used as part of your SQL query. Sure would suck to have an unauthenticated user drop or otherwise muck with your db!

Hm. The safeQuote() function is always called before these functions are called and is

<?php
function safeQuote($value)
{
  // Stripslashes
  if (get_magic_quotes_gpc()) {
      $value = stripslashes($value);
  }
  // Quote if not integer
  if (!is_numeric($value)) {
      $value = "'" . mysql_real_escape_string($value) . "'";
  }

  return $value;
}
?>




if (isset($_REQUEST["frmUsername"])) {

$un = $_REQUEST["frmUsername"];

If you're going to use $_REQUEST you might as well just turn on register globals (no, don't!).
*hehe*


If you're expecting a post look for a $_POST, if you're expecting a get look for a $_GET. Ditto with cookies. You really need to know where your variables are coming from if you want a measure of security.
Yes, you're right. I wrote this code before I came in contact with $_POST and $_GET. Thanx again! It's appreciated! :-)

/G
http://www.varupiraten.se/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux