mysql account/user login
Hey guys I just started programming with mysql I have basically finished my account/user script but there's one thing I don't know how to fully "better" prevent mysql injections so I thought I could post my script and you guys could help me out :D
database.php
<?php
$dbname = 'myuser_test';
$link = mysql_connect("localhost","myuser_george","1234") or die("Couldn't make connection.");
$db = mysql_select_db($dbname, $link) or die("Couldn't select database");
?>
login.php
<?php
include 'database.php';
$user_name = mysql_real_escape_string($_POST['name']);
if ($_POST['Submit']=='Login')
{
$md5pass = md5($_POST['pwd']);
$sql = "SELECT id,user_name FROM testdb WHERE
user_name = '$user_name' AND
user_pwd = '$md5pass'";
$result = mysql_query($sql) or die (mysql_error());
$num = mysql_num_rows($result);
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
session_start();
list($user_id,$user_name) = mysql_fetch_row($result);
// this sets variables in the session
$_SESSION['user']= $user_name;
if (isset($_GET['ret']) && !empty($_GET['ret']))
{
header("Location: $_GET[ret]");
} else
{
header("Location: home.php");
}
//echo "Logged in...";
exit();
}
header("Location: login.php?msg=Invalid Login");
//echo "Error:";
exit();
}
?>
<link href="styles.css" rel="stylesheet" type="text/css">
<?php if (isset($_GET['msg'])) { echo "<div class=\"msg\"> $_GET[msg] </div>"; } ?>
<form name="form1" method="post" action="">
User
<input name="name" type="text" id="name">
Password:
<input name="pwd" type="password" id="pwd">
<input type="submit" name="Submit" value="Login">
<a href="register2.php">Register</a> | <a href="forgot2.php">Forgot</a>
</form>
home.php
<?php
session_start();
if (!isset($_SESSION['user']))
{
die ("Access Denied");
}
?>
<?php if (isset($_SESSION['user'])) { ?>
<p>Logged as
<b><?php echo $_SESSION['user']; ?></b> | <a href="logout.php">Logout</a> </p>
<?php } ?>
three codes I didn't post logout.php and register.php which I think aren't needed for my question.
Thanks for helping.
-Nationz
MoshBat wrote: Just shoving things like strip_tags() and addslashes() around the username input should help. using strip_tags allowz 4 splitting a tag w/ itself ( <in<input>put> ) unless u recursive it. use htmlentities. iz better
mysql_real_escape_string does better then addslashes cuz it prevents attackz from different char sets n it escapes nl / cr chars. newlines could b used 2 segment n injection 2 hide from black list.
@person dat started thread: protect ur session w/ a uniq identifyer. sha1 / md5 username n a random hash, check that it matches username. not checkin dat user session var just exists
nationz wrote: By the way how can I test if the code to prevent mysql injection works "sorry I don't know a lot about mysql injections"
And Thanks for the previews answers.
they have plenty of challenges to get you started and get you in the right mind set for learning sql injections. Just roam through the basic challenges and learn what you can. Use the articles that help you with those challenges, and dont ever forget about google.