On Tue, 2008-12-09 at 15:41 -0600, Terion Miller wrote:
> So I have this login information passing parameters in the url to the next
> page (this is on a intranet app) which I thought was no big deal until a
> wise crack graphics guy decided to hack it because he could by changing the
> ?adminID= until he got one that worked...he didn't do anything except alert
> my boss so now I have to hide this info how does one do this? Once again I
> am not a programmer just inherited the job....and the code...
> Here is the login page code:
>
> <?php
> if (isset($_POST['UserName'])) {$UserName = $_POST['UserName'];} else
> {$UserName = '';}
> if (isset($_POST['Password'])) {$Password = $_POST['Password'];} else
> {$Password = '';}
>
> $msg = '';
>
> if (!empty($UserName)) {
>
>     $sql = "SELECT * FROM admin WHERE UserName='$UserName' and
> Password='$Password'";
>     $result = mysql_query ($sql);
>     $row = mysql_fetch_object ($result);
>
>     If (mysql_num_rows($result) > 0) {
>         $_SESSION['AdminLogin'] = "OK";
>         header ("Location: Main.php?AdminID=". $row->AdminID);
>     } else {
>         $msg = "Invalid Login";
>     }
> }
>
> ?>
>
> <HTML>
>
> <HEAD>
> <TITLE>Work Order System - Administrative Section</TITLE>
> <LINK REL="STYLESHEET" HREF="inc/style.css">
> <script language="JavaScript">
> <!--
> function leftTrim(sString) {
>     while (sString.substring(0,1) == ' ') {
>         sString = sString.substring(1, sString.length);
>     }
>     return sString;
> }
>
> function chkData1(objForm) {
>
>     objForm.UserName.value = leftTrim(objForm.UserName.value);
>     if (objForm.UserName.value.length == 0) {
>         alert("Please enter your User Name.");
>         objForm.Email.focus();
>         return false;
>     }
>
>     objForm.Password.value = leftTrim(objForm.Password.value);
>     if (objForm.Password.value.length == 0) {
>         alert("Please enter a your Password.");
>         objForm.Password.focus();
>         objForm.Password.select();
>         return false;
>     }
>     return true;
> }
>
> //-->
> </script>
>
> </HEAD>
>
> <BODY LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
> <TABLE WIDTH="780" BORDER="0" CELLSPACING="0" CELLPADDING="0">
>
> <TR>
> <TD> </TD>
> </TR>
> <TR>
> <TD ALIGN="CENTER"><B>Work Order System - Administrative
> Section</B><BR><BR></TD>
> </TR>
> <TR>
> <TD>
> <?php
> If (!empty($msg)){
>     echo "<div class=\"cl_Error\">". $msg ."</div>";
> }
> ?>
>
> <form name="form1" method="post" action="Index.php" onSubmit="return
> chkData1(this)">
> <TABLE WIDTH="300" BORDER="0" CELLSPACING="0" CELLPADDING="2" ALIGN="center"
> bgcolor="#CCCCCC">
> <TR>
> <TD HEIGHT="22"><div class="admin_Main">Username:</div></TD>
> <TD HEIGHT="22"> <INPUT TYPE="text" NAME="UserName"></TD>
> </TR>
> <TR>
> <TD><div class="admin_Main">Password:</div></TD>
> <TD><INPUT TYPE="password" NAME="Password"></TD>
> </TR>
> <TR>
> <TD colspan="2" align="center"><INPUT TYPE="submit" VALUE="Login">
> </TD>
> </TR>
> </TABLE>
> </form>
> <BR>
>
> Thanks guys and gals!

You shouldn't be passing info like that over the URL; use sessions instead.
I saw a shopping cart system once that passed the price of items over the URL, and when I found out and alerted them, we won the contract for a rebuild and then got accused of hacking by their previous web guys (who incidentally built the system!)

Ash
www.ashleysheridan.co.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
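
The reply's suggestion, shown as an added example (not code from the thread): after a successful login the admin's ID is stored in `$_SESSION`, and `Main.php` reads it from there instead of from `?AdminID=`. Assumptions: PDO with a prepared statement, a hypothetical `PasswordHash` column checked with `password_verify()`, the helper names `login()` and `current_admin_id()`, and constructed in-memory SQLite demo data.

```php
<?php
declare(strict_types=1);
// Added example. Table/column names admin, AdminID, UserName come from the post;
// PasswordHash, login() and current_admin_id() are assumed for illustration.
session_start(); // must run before any output, on every page that uses the session

// Index.php side: check the credentials, then remember server-side who logged in.
function login(PDO $db, string $userName, string $password): bool
{
    $stmt = $db->prepare('SELECT AdminID, PasswordHash FROM admin WHERE UserName = ?');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['PasswordHash'])) {
        return false;
    }
    session_regenerate_id(true); // issue a fresh session ID at login
    $_SESSION['AdminLogin'] = 'OK';
    $_SESSION['AdminID']    = (int) $row['AdminID'];
    return true;
}

// Main.php side: the identity comes from the session, never from ?AdminID=.
function current_admin_id(): ?int
{
    if (($_SESSION['AdminLogin'] ?? '') !== 'OK' || !isset($_SESSION['AdminID'])) {
        return null; // not logged in
    }
    return $_SESSION['AdminID'];
}

// Constructed demo data so the script also runs from the command line.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (AdminID INTEGER PRIMARY KEY, UserName TEXT, PasswordHash TEXT)');
    $ins = $db->prepare('INSERT INTO admin (AdminID, UserName, PasswordHash) VALUES (?, ?, ?)');
    $ins->execute([7, 'alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

    $_GET['AdminID'] = '1'; // a value edited in the URL; nothing below reads it
    $results = [
        'login, wrong password' => login($db, 'alice', 'wrong'),
        'admin id before login' => current_admin_id(),
        'login, right password' => login($db, 'alice', 'correct horse'),
        'admin id after login'  => current_admin_id(),
    ];
    var_dump($results);
}
```

On `Main.php`, a `null` from `current_admin_id()` means the visitor is sent back to the login page; the redirect after login becomes a plain `Location: Main.php` with no ID in it.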