[PHP/MySQL] Login Bar

Divine Celestial
Loyal Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
bar:
PHP:
<?php session_start();
 if(isset($_COOKIE['uname'])&&isset($_COOKIE['upass'])) {
  $_SESSION['user_name']=$_COOKIE['uname'];
  $_SESSION['user_pass']=$_COOKIE['upass'];
 }
 if (!isset($_SESSION['user_name']) || !isset($_SESSION['user_pass'])) {
  $logged_in=0;
 } else {
 $link=mysql_connect('127.0.0.1:3306','USER','PASS');
 if(!$link) die('MySQL connection failure');
 mysql_select_db('DB_NAME');
 $query=sprintf("select Id,Password from user where Id='%s' and password='%s'",
  mysql_real_escape_string($_SESSION['user_name']),
  mysql_real_escape_string($_SESSION['user_pass']));
 $result=mysql_query($query);
 $row=mysql_fetch_row($result);
 if($row) {
  $logged_in=1;
  $_SESSION['user_name']=$row[0];
  $_SESSION['user_pass']=$row[1];
 } else {
  // Clear the same session keys that were set above (user_name / user_pass).
  unset($_SESSION['user_name']);
  unset($_SESSION['user_pass']);
  $logged_in=0;
 }
}
if(!$logged_in) {
?><form action=login.php method=post><input type=checkbox name=ks>Login until Jan 19th, 2038 <input type=submit value="Login"><input type=text name=uid size=16 maxlen=16 accesskey=u value="Username"><input type=password name=pass size=16 maxlen=128 accesskey=p value="Password"></form>
<?php } else { ?>
Client <b><?php echo $_SERVER['REMOTE_ADDR'] ?></b> logged in as <b><?php echo $_SESSION['user_name'] ?></b> :: <a href=logout.php>Logout</a> <?php } ?>
</td></table></div>
login.php:
PHP:
<?php session_start();
 $link=mysql_connect('127.0.0.1:3306','USER','PASS');
 if(!$link) die('MySQL connection failure');
 mysql_select_db('DB_NAME');
 $query=sprintf("select Id,Password from user where Id='%s' and password='%s'",
  mysql_real_escape_string($_POST['uid']),
  mysql_real_escape_string($_POST['pass']));
 $result=mysql_query($query);
 $row=mysql_fetch_row($result);
 if($row) {
  $_SESSION['user_name']=$row[0];
  $_SESSION['user_pass']=$row[1];
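  if(!empty($_POST['ks'])) {
   // Second argument false: add each Set-Cookie header instead of replacing
   // the previous one (header() replaces same-named headers by default,
   // which would also drop the session cookie).
   $cook=sprintf("Set-Cookie: uname=%s; expires=Fri, 31-Dec-9999 23:59:59 -0800;",$row[0]);
   header($cook,false);
   $cook=sprintf("Set-Cookie: upass=%s; expires=Fri, 31-Dec-9999 23:59:59 -0800;",$row[1]);
   header($cook,false);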
  }
 } else {
  unset($_SESSION['user_name']); setcookie('uname','',1);
  unset($_SESSION['user_pass']); setcookie('upass','',1);
 }
 header('Location: /');
?>
logout.php:
PHP:
<?php session_start(); // the session must be started before it can be cleared and destroyed
 $_SESSION=array();
 if(isset($_COOKIE[session_name()])) setcookie(session_name(), '',1, '/');
 if(isset($_COOKIE['uname'])) setcookie('uname','',1);
 if(isset($_COOKIE['upass'])) setcookie('upass','',1);
 session_destroy();
 header('Location: /');
?>
Include the code of the bar in a header or footer to have a dynamic line which either gives a login form if the user is not logged in, or the name of the user and her IP if the user is logged in.

I believe this code is impossible to exploit via SQL injection techniques.
 
Skilled Illusionist
Joined
Jan 14, 2005
Messages
395
Reaction score
2
Can you make a register too? :D
And the SQL table, or is that automatic?
 
Divine Celestial
Loyal Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
All it needs is two columns in the table 'user' : 'Id' and 'Password'

Registration is straightforward, but this is a private system (i.e. users cannot register themselves, I add them manually to the database).
 
Skilled Illusionist
Joined
Jan 14, 2005
Messages
395
Reaction score
2
Oh OK, thank you, I'm going to use it later on my website,
but first I need to find a tutorial for making a table in the database.

I made one, but can this work?

Code:
CREATE TABLE user
(
Id varchar(255),
Password varchar(255),
)
 
Divine Celestial
Loyal Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
Why don't you try and figure out if it works.
 
Skilled Illusionist
Joined
Aug 30, 2006
Messages
360
Reaction score
22
That's not nice :) but good point, always doing stuff yourself means you know it's right and it's easier to edit later :p
 
Custom Title Activated
Loyal Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
Good code, but vulnerable to cookie theft and cross-site scripting. If you want to do it right, at least include an IP in the cookie, and NEVER EVER use plain text passwords in a cookie. If this is used from a public PC I could get anyone's username and password within seconds.

Useful for noobs, but definitely don't use this on anything more important than a weblog.
 
Divine Celestial
Loyal Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
I would've stored a hashed password in the database and the cookie, if it weren't for the fact that the MMORPG that this interfaces with (Gunbound) stores plaintext passwords in its database, and thus I'd have to hash every password in the database looking for a match (either that or store the hashed version in a separate column); I hadn't the mind to do that when this was written.

BTW: Softnyx, the original creators of Gunbound, used plaintext in their login cookie - only, it was a session cookie and not one that expires in a few thousand years (no option to remember user).
 
Skilled Illusionist
Joined
Jan 14, 2005
Messages
395
Reaction score
2
I tried to make it myself but it doesn't want to =/
I did use Google but then I get this
 
Custom Title Activated
Loyal Member
Joined
Aug 8, 2004
Messages
3,892
Reaction score
20
I would've stored a hashed password in the database and the cookie, if it weren't for the fact that the MMORPG that this interfaces with (Gunbound) stores plaintext passwords in its database, and thus I'd have to hash every password in the database looking for a match (either that or store the hashed version in a separate column); I hadn't the mind to do that when this was written.

In that case you should've made a hash of IP + username + password and compared against that next time. It's really easy, just use

PHP:
$cookiedata = sha1($username.$pass.$ip."Some random text");

And why store the hash in the database? If someone wants to log in, just do
PHP:
// Strict comparison, so two hex strings are never compared as numbers.
if($cookiedata === sha1($sqldata['username'].$sqldata['password'].$ip."Some random text")) {
   // do login stuff
 } else {
   // do invalid login stuff
}

Where of course you get your SQL data from another cookie wherein you've stored the username in plaintext - there's no harm in that. If you use this, as well as an HTTP referrer check, you've secured yourself against almost all commonly used forms of attack.

The internet would be a whole lot more secure if people'd only take the little bit of effort of actually thinking about security for a second.
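
Added example, not part of the thread: the signed-cookie idea from the post above, written with HMAC-SHA256, an expiry field and a constant-time comparison in place of the bare sha1() concatenation. The function names, the secret, and the sample account and addresses are assumptions made for illustration.

```php
<?php
// Added example; function names, the secret and the sample account are assumptions.
const REMEMBER_SECRET = 'placeholder-load-a-random-key-from-outside-the-webroot';

// MAC over every value the cookie is bound to. json_encode keeps the field
// boundaries unambiguous, which bare concatenation ($user.$pass.$ip) does not.
function remember_mac(string $user, string $password, string $ip, int $expires): string {
    return hash_hmac('sha256', json_encode([$user, $password, $ip, $expires]), REMEMBER_SECRET);
}

// Cookie value is base64(user).expiry.mac; the password itself is never sent.
function remember_issue(string $user, string $password, string $ip, int $ttl, int $now): string {
    $expires = $now + $ttl;
    return base64_encode($user) . '.' . $expires . '.' . remember_mac($user, $password, $ip, $expires);
}

// $lookup returns the stored password for a user or null; in the thread's setup
// that would be a SELECT on the `user` table. Returns the user name or null.
function remember_verify(string $cookie, string $ip, int $now, callable $lookup): ?string {
    $parts = explode('.', $cookie);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) return null;
    $user = base64_decode($parts[0], true);
    $expires = (int)$parts[1];
    if ($user === false || $expires < $now) return null;   // malformed or expired
    $password = $lookup($user);
    if ($password === null) return null;                    // unknown user
    // Constant-time comparison of the recomputed MAC with the presented one.
    return hash_equals(remember_mac($user, $password, $ip, $expires), $parts[2]) ? $user : null;
}

// Constructed sample data standing in for the database.
$db = ['alice' => 'correct horse'];
$lookup = function (string $u) use (&$db) { return $db[$u] ?? null; };
$now = 1700000000;
$cookie = remember_issue('alice', $db['alice'], '203.0.113.7', 30 * 86400, $now);

var_dump(remember_verify($cookie, '203.0.113.7', $now + 60, $lookup));         // same client, in date
var_dump(remember_verify($cookie, '198.51.100.9', $now + 60, $lookup));        // different client IP
var_dump(remember_verify($cookie, '203.0.113.7', $now + 31 * 86400, $lookup)); // past the expiry
$db['alice'] = 'changed';
var_dump(remember_verify($cookie, '203.0.113.7', $now + 60, $lookup));         // after password change
```

Because the stored password is part of the MAC input, changing it invalidates every cookie issued earlier, and the keyed MAC means the cookie cannot be used to test password guesses without the server secret.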
 
Skilled Illusionist
Joined
Jan 14, 2005
Messages
395
Reaction score
2
I got it :D

I made my own SQL table,
for who needs it

Code:
CREATE TABLE `user` (
`Id` VARCHAR( 255 ) NOT NULL ,
`Password` VARCHAR( 255 ) NOT NULL
) ENGINE = MYISAM ;
 
Skilled Illusionist
Joined
Jan 14, 2005
Messages
395
Reaction score
2
question

I got this script from a guestbook

Code:
<?
session_start();  
  $amount=15;

  if ($_GET['action']=='write') {
  	header('location: gb.php?action=read&start=0');
    $file=fopen('gastenboek.txt','a');

    // Strip carriage returns from the submitted message, then encode newlines.
    $message=str_replace("\r",'',$_GET['message']);
    $message=str_replace("\n",'{{',$message);
    fwrite($file,$_GET['name'].'|||'.$_GET['email'].'|||'.date('d-m-Y').'|||'.$_GET['url'].'|||'.$message."\n");
    fclose($file);
    
  }

  // Force the offset to a non-negative integer before it is used in arithmetic.
  $start=(isset($_GET['start'])?max(0,(int)$_GET['start']):0);
  $gastenboek=Array();
  $gastenboek=file('gastenboek.txt');

?>

 <SCRIPT language="JavaScript">
    function validate(form) {
      if (form.name.value=="") {
        alert("Vul je naam in");
        return false;
      } else if (form.message.value=="") {
        alert("Vul je bericht in");
        return false;
      }
    }
    </SCRIPT>
    
 
  <P>
  <TABLE width="100%" cellspacing="0" cellpadding="0" >
    <TR>
      <TD><b>Questbook</b><br></TD>
    </TR>
  </TABLE>
  <TABLE width="100%" cellspacing="0" cellpadding="0">
    <TR>
      <TD class="side"> Message <? echo $start+1; ?> Of <? echo min($start+$amount,sizeof($gastenboek)); ?>.
        <HR> <TABLE width="100%" >
          <?
          $gastenboek=array_reverse($gastenboek);
          for ($i=$start;$i<$start+$amount && $i<sizeof($gastenboek);$i++) {
            list($name,$email,$date,$url,$message)=explode('|||',$gastenboek[$i]);
            $message=str_replace('{{',"\n",$message);
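            // Escape every user-supplied field before output, not only $message.
            $name=htmlspecialchars($name,ENT_QUOTES); $email=htmlspecialchars($email,ENT_QUOTES); $url=htmlspecialchars($url,ENT_QUOTES);
            echo '<TR><TD><B>'.($email!=""?'<A href="mailto:'.$email.'">'.$name.'</A>':$name).'</B></TD><TD align="right"><B>'.$date.'</B></TD></TR>'."\n";
            echo ($url!=""?'<TR><TD colspan="2"><A href="'.$url.'" target="_blank">'.$url.'</A></TD></TR>':'')."\n";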
            echo '<TR><TD colspan="2"><SPAN>'.str_replace("\n",'<BR>',htmlspecialchars($message)).'</SPAN></TD></TR>'."\n";
            echo '<TR><TD colspan="2"><HR></TD></TR>'."\n";
          }
        ?>
        </TABLE>
        <CENTER>
          <?
          if ($start>0) echo '<a href="gb.php?start='.max(0,$start-$amount).'">&lt;&lt;&lt;</A> ';
          if ($start+$amount<sizeof($gastenboek)) echo ' <a href="gb.php?start='.($start+$amount).'">&gt;&gt;&gt;</A>';
        ?>   </CENTER></TD>
    </TR>
  </TABLE>
  <P>
  <TABLE width="100%" cellspacing="0" cellpadding="0" >
    <TR>
      <TD class="side">New Message </TD>
    </TR>
  </TABLE>
  <TABLE width="100%" cellspacing="0" cellpadding="0" >
    <TR>
      <TD class="side"> <FORM action="gb.php" method="GET" onSubmit="return validate(this);">
          <INPUT type="hidden" name="action" value="write">
          <TABLE class="side">
            <TR>
              <TD>Name:</TD>
              <TD><INPUT type="text" name="name" size="30"></TD>
            </TR>
            <TR>
              <TD>E-Mail:</TD>
              <TD><INPUT type="text" name="email" size="30"></TD>
            </TR>
            <TR>
              <TD>Website</TD>
              <TD><INPUT name="url" type="text" value="http://" size="30"></TD>
            </TR>
            <TR>
              <TD>Message:</TD>
              <TD><TEXTAREA name="message" cols="50" rows="5"></TEXTAREA></TD>
            </TR>
          </TABLE>
          <INPUT type="submit" value="Send">
        </FORM></TD>
    </TR>
  </TABLE>

But everybody who doesn't log in can still view the page, and I want it so that
if you log in it is available, and if you're not logged in you can't see the page...

Hope you can help me with this, I'm using the login bar for the account system.
 
Divine Celestial
Loyal Member
Joined
Jul 7, 2004
Messages
853
Reaction score
5
sage

This is not the forum to ask questions in -.-

Go to the parent forum.
 