php - How to make this login unvulnerable



They have told me my login is vulnerable, but I don't know how to make it safe. If anyone wants to help me, I'd appreciate it.

When I add this: "1' or 1=1 limit 1#" as the password in the login form, it logs in.

Here is the code:

    <?php
    session_start();
    include 'inc/header.php';
    include 'panel_funciones.php';

    $usuario = $_POST["nombre"];
    $pass = $_POST["pass"];
    try {
        $bd = new PDO("mysql:host=localhost;dbname=b9_16267033_1", "b9_16267033", "12346");
        $bd->query("SET NAMES 'utf8'");
    } catch (Exception $e) {
        echo "no se ha podido conectar";
        exit;
    }
    try {
        // User input is concatenated straight into the SQL text
        $sql = "SELECT usuario, pass FROM usuarios WHERE usuario='$usuario' AND pass='$pass'";
    } catch (Exception $e) {
        echo "error en consulta";
        exit;
    }
    $iniciosesion = $bd->query($sql);
    $result = $iniciosesion->fetchAll();
    $contar = count($result);

    // the check starts here
    if ($_SESSION['logueado'] = true) {
        panel();
    } elseif ($contar == 1) {
        $_SESSION['logueado'] = true;
        panel();
    } else {
        echo "el usuario o contraseña es incorrecto";
    }
    include 'inc/footer.php';
    ?>

There are several known problems with this page:

  1. SQL injection

    $sql = "SELECT usuario, pass FROM usuarios WHERE usuario='$usuario' AND pass='$pass'";

    The problem is that you use text processing to insert values in the query. I can modify the password and specify ' or 'a'='a', in which case I gain entrance, because 'a'='a'. Furthermore, it allows me all kinds of queries, like '; drop table usuarios. You had better use prepared statements (or an equivalent) so that you don't enter the parameters yourself. Prepared statements escape parameters such that one cannot inject SQL with these.

    You should use prepared statements, like:

    $sql = "SELECT usuario, pass FROM usuarios WHERE usuario=? AND pass=?";
    $stm = $bd->prepare($sql);
    $stm->execute(array($usuario, $pass));
    $result = $stm->fetchAll();
    $contar = count($result);

  2. Unhashed passwords: here is a manual on password hashing. Never store the passwords themselves. If a hacker has found a weak spot in your website and has somehow managed to access the database, all is lost. The hacker can copy the passwords and modify them. Furthermore, there are a lot of users who use the same password on other applications, making it easier to hack other websites.

  3. A third aspect I found is the assignment in the if statement:

    if ($_SESSION['logueado'] = true) {
        panel();
    } elseif ($contar == 1) {
        $_SESSION['logueado'] = true;
        panel();
    } else {
        echo "el usuario o contraseña es incorrecto";
    }

    Here you assign true to the $_SESSION variable. A better way is the following:

    if ($contar == 1) {
        $_SESSION['logueado'] = true;
    }
    // !empty() also covers a session where 'logueado' was never set
    if (!empty($_SESSION['logueado'])) {
        panel();
    } else {
        echo "el usuario o contraseña es incorrecto";
    }

Another aspect: you cannot make a page unvulnerable: chances are great that hackers will find ways to circumvent a lot of protective measures eventually. Security is not a yes-or-no matter. The point is that you must make it so hard that hackers fail in bypassing your security.
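
Items 1 and 2 of the answer combined, as an added example that is not part of the original question or answer: the query binds only the user name as a parameter, and the password is compared against a stored hash with PHP's `password_verify()`. The in-memory SQLite database (requires the pdo_sqlite extension), the `pass_hash` column, the sample user and the helper name `comprobar_login()` are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo database (in-memory SQLite); the page itself uses MySQL.
$bd = new PDO('sqlite::memory:');
$bd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bd->exec('CREATE TABLE usuarios (usuario TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Registration side: store only the hash, never the password itself.
$alta = $bd->prepare('INSERT INTO usuarios (usuario, pass_hash) VALUES (?, ?)');
$alta->execute(['ana', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

// Hash verified for unknown users so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Hypothetical helper: true only if the user exists and the password matches its hash.
function comprobar_login(PDO $bd, string $usuario, string $pass): bool
{
    // The user name is sent as a bound parameter, not as part of the SQL text.
    $stm = $bd->prepare('SELECT pass_hash FROM usuarios WHERE usuario = ?');
    $stm->execute([$usuario]);
    $hash = $stm->fetchColumn();

    if ($hash === false) {
        password_verify($pass, DUMMY_HASH);
        return false;
    }
    if (!password_verify($pass, $hash)) {
        return false;
    }
    // Re-hash on login when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $bd->prepare('UPDATE usuarios SET pass_hash = ? WHERE usuario = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $usuario]);
    }
    return true;
}

// Constructed checks: the string from the question is treated as an ordinary wrong value.
var_dump(comprobar_login($bd, 'ana', 'correct horse battery')); // valid credentials
var_dump(comprobar_login($bd, 'ana', "1' or 1=1 limit 1#"));    // question's string as password
var_dump(comprobar_login($bd, "1' or 1=1 limit 1#", 'x'));      // question's string as user name
```

In the login page itself, set `$_SESSION['logueado'] = true` only when this helper returns true, and call `session_regenerate_id(true)` just before doing so.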

