Do's And dont's ?

Hi, i have a question..

I have bought a script from someone um about… a year ago or so.. This script is a index.php using inludes (index.php?pagina=leden/inloggen) And sutch

First i didn't want to use it again becouse my mysql table of "users" got dropped by i think an sql injection..

I already knew stuff about scripting, but i never really got the chance to learn it, so i now bought a "php5 & mysql" book and reading it..

Now ive been scripting for a while and i want to use my old script again.. Ive asked in the beginning if i could edit the code as i wanted, as long as i leaved his copyright and/or didn't sell it myself..

Now i know for a fact (or so i think) that you really should NOT save a PASSWORD in a focking cookie..

I emailed him for updates and pointed him that out.. he saiz that its perfectly safe, but i know better..

My question is, if i want a safe login script using cookies i should store "id, ip and a random hash" (read this somewhere)

So that should be safe.. or is it not ?

My real question is, what can i save in a cookie that i can check witht the database if it really is the user or not!!

hey dude, you're best off using sessions, as cookie poisoning is very simple and easily performed. sessions are alot securer and are all server side.

Session fixation…

system man, Sessions rock xD

As long as you use session_regenerate_id();

J3sus wrote: hey dude, you're best off using sessions, as cookie poisoning is very simple and easily performed. sessions are alot securer and are all server side.

I'm sure i can read all about that in my php book as it also includes samples of a login script using sessions…

But none of you all answered my question:

WHAT CAN I SAVE INSIDE A SESSION/COOKIE ? Username, password, id, ip, hash…

and how do i make it see if it is valid with users in db?

blazex wrote: [quote]J3sus wrote: hey dude, you're best off using sessions, as cookie poisoning is very simple and easily performed. sessions are alot securer and are all server side.

I'm sure i can read all about that in my php book as it also includes samples of a login script using sessions…

But none of you all answered my question:

WHAT CAN I SAVE INSIDE A SESSION/COOKIE ? Username, password, id, ip, hash…

and how do i make it see if it is valid with users in db?[/quote]

You can save anything in a cookie or a session…

Example:

setcookie( "whatever", "value" );
$_SESSION['whatever'] = "whatever";

and to check if it's valid just use an if statement to see if the cookie/session data matches the result from a select statement or whatever

EDIT, okay lets break this down…

This is my code (paginas/leden/inloggen.php) :

<? 
/*
••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
© Alle rechten voorbehouden - Arne De Muyter
Dit script is auteursrechtelijk beschermd en niks van dit script mag zonder toestemming gekopieerd of gebruikt worden!!
Deze copyright mag om geen enkele reden verwijderd worden, wat anders kan leiden tot vervolging...
http://www.phpscripting.be
••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••
*/

if(empty($_GET['pagina']))
{
	echo "Deze pagina mag niet rechtstreeks geopend worden. Hiervoor hebt u het paginascript nodig.";
	exit;
}

if(empty($_COOKIE['gebruikersnaam']))
{
	if($_GET['actie'] == "verzenden") 
	{ 
		$wachtwoord = md5($_POST['wachtwoord']);

		if (empty($_POST['gebruikersnaam']) || empty($_POST['wachtwoord']))
		{
			echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
			echo "<tr>";
			echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"100%\"><b>Fout</b></td>";
			echo "</tr>";
			echo "<tr><td width=\"100%\">";
			echo "Je hebt je gebruikersnaam of wachtwoord niet ingevuld... <a href=\"javascript:history.go(-1)\">Ga terug</a>";
			echo "</td></tr></table><br>";
		}
		else
		{
			$select = "SELECT * FROM leden_gegevens WHERE gebruikersnaam = '".$_POST['gebruikersnaam']."' AND strafpunten < '3' AND status != 'Verbannen'";
			$query = mysql_query($select)or die(mysql_error());
			$aantal = mysql_num_rows($query);
			$list = mysql_fetch_object($query);

			if ($aantal == "0")
			{
				echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
				echo "<tr>";
				echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"100%\"><b>Fout</b></td>";
				echo "</tr>";
				echo "<tr><td width=\"100%\">";
				echo "Deze gebruikersnaam bestaat niet of je bent verbannen... <a href=\"javascript:history.go(-1)\">Ga terug</a>";
				echo "</td></tr></table><br>";
			}
			elseif ($list->wachtwoord != $wachtwoord)
			{
				echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
				echo "<tr>";
				echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"100%\"><b>Fout</b></td>";
				echo "</tr>";
				echo "<tr><td width=\"100%\">";
				echo "Het wachtwoord klopt niet... <a href=\"javascript:history.go(-1)\">Ga terug</a>";
				echo "</td></tr></table><br>";
			}
			else
			{
				$update = "UPDATE leden_gegevens SET ip = '".$ip."' WHERE gebruikersnaam = '".$_POST['gebruikersnaam']."'";
				mysql_query($update)or die(mysql_error());

				if ($_POST['openbaar'] == "1") 
				{
					setcookie("gebruikersnaam", $_POST['gebruikersnaam'], time() +3600, "/");
					setcookie("wachtwoord", $wachtwoord, time() +3600, "/");

					echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
					echo "<tr>";
					echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"100%\"><b>Openbare computer</b></td>";
					echo "</tr>";
					echo "<tr><td width=\"100%\">";
					echo "Je bent succesvol ingelogd als <b>".$_POST['gebruikersnaam']."</b>!<br>";
					echo "Omdat je op een openbare computer zit, blijf je maar voor 1 uur ingelogd!";
					echo "</td></tr></table><br>";

					echo "<meta http-equiv=\"refresh\" content=\"2;URL=index.php\">";
				}
				else
				{
					setcookie("gebruikersnaam", $_POST['gebruikersnaam'], time() + $_POST['tijd'], "/");
					setcookie("wachtwoord", $wachtwoord, time() + $_POST['tijd'], "/");

					echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
					echo "<tr>";
					echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"100%\"><b>Inloggen</b></td>";
					echo "</tr>";
					echo "<tr><td width=\"100%\">";
					echo "Je bent succesvol ingelogd als <b>".$_POST['gebruikersnaam']."</b>!";
					echo "</td></tr></table><br>";

					echo "<meta http-equiv=\"refresh\" content=\"1;URL=index.php\">";
				}
			}
		}	

	} 
	else 
	{ 
		echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
		echo "<tr>";
		echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"23%\"><b>Inloggen</b></td>";
		echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"77%\"></td>";
		echo "</tr>";
		echo "<form method=\"POST\" action=\"?pagina=leden/inloggen&actie=verzenden\" name=\"formulier\" onsubmit=\"wachten()\">";
		echo "<tr>";
		echo "<td width=\"23%\">Gebruikersnaam</td>"; 
		echo "<td width=\"77%\"><input type=\"text\" name=\"gebruikersnaam\" size=\"20\"></td>"; 
		echo "</tr>"; 
		echo "<tr>";
		echo "<td width=\"23%\">Wachtwoord</td>"; 
		echo "<td width=\"77%\"><input type=\"password\" name=\"wachtwoord\" size=\"20\"></td>"; 
		echo "</tr>"; 
		echo "<tr>"; 
		echo "<td width=\"23%\">Hoe lang?</td>"; 
		echo "<td width=\"77%\"><select size=\"1\" name=\"tijd\">"; 
		echo "<option value=\"31536000\">1 jaar</option>";
		echo "<option value=\"2592000\">1 maand</option>";
		echo "<option value=\"604800\">1 week</option>";
		echo "<option value=\"86400\">1 dag</option>";
		echo "</select></td>"; 
		echo "</tr>"; 
		echo "<tr>"; 
		echo "<td width=\"23%\"> </td>"; 
		echo "<td width=\"77%\"><input type=\"checkbox\" name=\"openbaar\" value=\"1\">Openbare computer? | <a href=\"?pagina=leden/wachtwoordwijzigen\">Wachtwoord opvragen</a></td>"; 
		echo "</tr>"; 
		echo "<tr>";
		echo "<td></td>";
		echo "<td><input type=\"submit\" value=\"Inloggen\" name=\"knop\"> <input type=\"reset\" value=\"Opnieuw\" name=\"opnieuw\"></td></tr></table>";
		echo "</form>"; 
	}
}
else
{
	echo "<table cellpadding=\"".$website['cellpadding']."\" cellspacing=\"".$website['cellspacing']."\" border=\"".$website['border']."\" width=\"".$website['width']."\" style=\"border: 1px solid ".$website['bordercolor']."\">";				
	echo "<tr>";
	echo "<td class=\"head\" bgcolor=\"".$website['bgcolor']."\" width=\"100%\"><b>Inloggen</b></td>";
	echo "</tr>";
	echo "<tr><td width=\"100%\">";
	echo "Je bent al ingelogd als <b>".$_COOKIE['gebruikersnaam']."</b>...";
	echo "</td></tr></table><br>";
}
?> 

As you can see my password is MD5 encoded in cookie… Im thinking, if someone can steal my cookies..

This script includes, deleting, modiefieng, altering forum posts, news posts, members & their data…

If som1 steals my cookies they can screw up my site right ?

save everything in sessions. eg userhash session # user id username user status anything!!

thats the best way

IF IT'S IN SESSIONS IT DOESN'T MATTER, BECAUSE IT IS ENCRYPTED AND NO ONE CAN SEE IT, NOW STOP USING CAPITALS AND READ WHAT WE WROTE EARLIER, AND YOU'LL SEE THAT WE ALREADY EXPLAINED SESSIONS ARE SAFER.

Jesus fucking christ some people are blind.

system_meltdown wrote: IF IT'S IN SESSIONS IT DOESN'T MATTER, BECAUSE IT IS ENCRYPTED AND NO ONE CAN SEE IT, NOW STOP USING CAPITALS AND READ WHAT WE WROTE EARLIER, AND YOU'LL SEE THAT WE ALREADY EXPLAINED SESSIONS ARE SAFER.

Jesus fucking christ some people are blind.

Im not blind i'm autistic ^^ (srr cant help it)

w00t autism TW

i have AS!

J3sus wrote: w00t autism TW

i have AS!

Lol i know, i almost always ask for confirmation if i ask a question.. Some ppl just call me a whiner :p (maybe i am)

edit: So i guess changing the cookies into sessions would pretty much do the trick ;)

For FUCKS sake you ungrateful cunt.

If you understood fully the question you were asking, you would of been sorted now thanks to system_meltdown.

Don't push me. I hate people like you.

flash, you hate alot of people.. but not everybody hates you, you're a respected member of this comunity and i knew Ac1d looked upto you when he began to learn the ways of a hacker, just relax sometimes and please chill, look at thigns from other people's purspectives

J3sus wrote: flash, you hate alot of people.. but not everybody hates you, you're a respected member of this comunity and i knew Ac1d looked upto you when he began to learn the ways of a hacker, just relax sometimes and please chill, look at thigns from other people's purspectives

Heh, he's Ac1d. You know much about Flash and you created this account few hours ago.

What a fluke :)

kaksii wrote: [quote]J3sus wrote: flash, you hate alot of people.. but not everybody hates you, you're a respected member of this comunity and i knew Ac1d looked upto you when he began to learn the ways of a hacker, just relax sometimes and please chill, look at thigns from other people's purspectives

Heh, he's Ac1d. You know much about Flash and you created this account few hours ago.

What a fluke :)[/quote]

you're detective skills are good, but they decieve you today, as i am not Ac1d, nothing says i do not speak to Ac1d as i type this message, but i can garuntee that i am not Ac1d.

Autism isn't an excuse. It's a challenge for you to overcome. To blame every single mistake you make on such liabilities makes you weak and poor.

And about the whole ac1d thing; who cares, he's dead. He was the worst wannabe hacker I ever laid eyes on anyway.

The original question was already answered (and "highlighted" in caps lock), so this thread is over.

spyware wrote: Autism isn't an excuse. It's a challenge for you to overcome. To blame every single mistake you make on such liabilities makes you weak and poor.

And about the whole ac1d thing; who cares, he's dead. He was the worst wannabe hacker I ever laid eyes on anyway.

The original question was already answered (and "highlighted" in caps lock), so this thread is over.

a person's life is what you make of it. you may have seen Ac1d as a 'wannabe', but i think he's more of a hacker than you'll ever be!

J3sus wrote: a person's life is what you make of it. you may have seen Ac1d as a 'wannabe', but i think he's more of a hacker than you'll ever be!

That's because you are stupid. (no reason to give arguments for this, as you proved my point by simply posting silly things)

i'm the one posting silly things? I'm not the one that disrespects a well known hackers day of death as it were. im not the one going 'whoohoo' and holdingh a virtual party.

you're simply pathetic

J3sus wrote: i'm the one posting silly things? I'm not the one that disrespects a well known hackers day of death as it were. im not the one going 'whoohoo' and holdingh a virtual party.

you're simply pathetic

Ac1d isn't well known, no one here is well known. We are nothing. I don't disrespect anyone's death for ac1d is not dead. He wants to change his nick because there is too much n00byness attached to it.

About the virtual party: free beers and snacks everyone. Lets get this thing going!

yet you name yourself after a very weak and corrupt type of program.

J3sus wrote: yet you name yourself after a very weak and corrupt type of program.

I named myself after the famous quote: "Spy? Where?".

EDIT:

Actually, I named myself after the famous quote: "S-pie? Where?". S-pie is a dutch pie which I like very much. The S stands for "super".

of course you did good sir ;)

J3sus wrote: of course you did good sir ;)

Its better to have a bad name and be a good person…

mozzer wrote: Its better to have a bad name and be a good person…

I have a good name! But I am a bad person :ninja:, very, very bad. :evil:

J3sus wrote: yet you name yourself after a very weak and corrupt type of program.

spyware wrote: I named myself after the famous quote: "Spy? Where?".

EDIT:

Actually, I named myself after the famous quote: "S-pie? Where?". S-pie is a dutch pie which I like very much. The S stands for "super".

Not trying to start any flame wars, but I'm actually astonished that no one mentioned anything about your name ins regards to that post J3sus :P

If I were spyware, I would've said "and you named yourself after a false prophet." But alas, I am not, so I will not. ^_^' Lol

Sorry, just thought I had to mention it ;)

eXec_ti0ner wrote: [quote] J3sus wrote: yet you name yourself after a very weak and corrupt type of program.

spyware wrote: I named myself after the famous quote: "Spy? Where?".

EDIT:

Actually, I named myself after the famous quote: "S-pie? Where?". S-pie is a dutch pie which I like very much. The S stands for "super".

Not trying to start any flame wars, but I'm actually astonished that no one mentioned anything about your name ins regards to that post J3sus :P

If I were spyware, I would've said "and you named yourself after a false prophet." But alas, I am not, so I will not. ^_^' Lol

Sorry, just thought I had to mention it ;)[/quote]

and then 1337ed his name!

eXec_ti0ner wrote: Sorry, just thought I had to mention it ;)

We're sorry, too, seeing as the last post was over a month ago.

Locked,

THANKS FOR BUMPING YOU IDIOT