bar:
login.php:
logout.php:
Include the code of the bar in a header or footer to have a dynamic line which either gives a login form if the user is not logged in, or the name of the user and her IP if the user is logged in.
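I believe this code is impossible to exploit via SQL injection techniques, because every request value that reaches a query is passed through mysql_real_escape_string() and placed inside a quoted string literal. That reasoning only holds while the connection character set is the one the escaping function assumes, and it covers SQL injection only, not the other properties of the scheme such as keeping the password in a cookie.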
PHP:
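<?php
/*
 * Login bar: prints a login form for anonymous visitors, or the client address
 * and user name for a visitor whose session (or "remember me" cookies) matches
 * a row in the `user` table.
 *
 * NOTE(review): the upass cookie and $_SESSION['user_pass'] hold the value of
 * the Password column, which the query compares verbatim. Anyone who can read
 * that cookie holds a working credential. A random server-side token plus a
 * hashed password column is the durable fix; it needs a schema change and is
 * therefore not made here.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. When this is
 * ported, use prepared statements (mysqli or PDO) instead of escaping.
 */
session_start();

// Re-seed the session from the "remember me" cookies. Only plain strings are
// accepted: a request can send uname[]=x, which PHP delivers as an array.
if (isset($_COOKIE['uname'], $_COOKIE['upass'])
    && is_string($_COOKIE['uname']) && is_string($_COOKIE['upass'])) {
    $_SESSION['user_name'] = $_COOKIE['uname'];
    $_SESSION['user_pass'] = $_COOKIE['upass'];
}

$logged_in = 0;
$name = isset($_SESSION['user_name']) ? $_SESSION['user_name'] : null;
$pass = isset($_SESSION['user_pass']) ? $_SESSION['user_pass'] : null;

if (is_string($name) && is_string($pass)) {
    $link = mysql_connect('127.0.0.1:3306', 'USER', 'PASS');
    if (!$link) die('MySQL connection failure');
    mysql_select_db('DB_NAME', $link);

    // mysql_real_escape_string() escapes for the character set of the given
    // link, so the link is passed explicitly instead of relying on "the last
    // opened connection".
    // NOTE(review): if the application changes the connection charset, do it
    // with mysql_set_charset(), not a SET NAMES query, or the escaping and the
    // server can disagree about multi-byte sequences.
    $query = sprintf("select Id,Password from user where Id='%s' and password='%s'",
        mysql_real_escape_string($name, $link),
        mysql_real_escape_string($pass, $link));
    $result = mysql_query($query, $link);

    // A failed query yields false; do not hand that to mysql_fetch_row().
    $row = $result ? mysql_fetch_row($result) : false;

    if ($row) {
        $logged_in = 1;
        $_SESSION['user_name'] = $row[0];
        $_SESSION['user_pass'] = $row[1];
    } else {
        // Drop the rejected credentials. The keys must be the ones written
        // above ('user_name' / 'user_pass'), otherwise the stale values stay
        // in the session.
        unset($_SESSION['user_name'], $_SESSION['user_pass']);
    }
}

if (!$logged_in) {
?><form action=login.php method=post><input type=checkbox name=ks>Login until Jan 19th, 2038 <input type=submit value="Login"><input type=text name=uid size=16 maxlen=16 accesskey=u value="Username"><input type=password name=pass size=16 maxlen=128 accesskey=p value="Password"></form>
<?php } else {
    // Both values are HTML-escaped on output: the user name is whatever string
    // is stored in the Id column, and must not be able to inject markup.
?>
Client <b><?php echo htmlspecialchars($_SERVER['REMOTE_ADDR'], ENT_QUOTES) ?></b> logged in as <b><?php echo htmlspecialchars($_SESSION['user_name'], ENT_QUOTES) ?></b> :: <a href=logout.php>Logout</a> <?php } ?>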
</td></table></div>
PHP:
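<?php
/*
 * login.php: checks the posted uid/pass against the `user` table, stores the
 * matching row in the session, optionally sets the "remember me" cookies, and
 * redirects to the site root.
 *
 * NOTE(review): the upass cookie carries the value of the Password column,
 * which the query compares verbatim. That is a long-lived credential kept in
 * the browser. A random token stored server-side and a hashed password column
 * would be the durable fix; it needs a schema change and is not made here.
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. When this is
 * ported, use prepared statements (mysqli or PDO) instead of escaping.
 */
session_start();

// Accept only plain strings. A request can post uid[]=x, which PHP delivers as
// an array, and a missing field would otherwise raise an undefined-index notice.
$uid  = (isset($_POST['uid'])  && is_string($_POST['uid']))  ? $_POST['uid']  : null;
$pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : null;

$row = false;
if ($uid !== null && $pass !== null) {
    $link = mysql_connect('127.0.0.1:3306', 'USER', 'PASS');
    if (!$link) die('MySQL connection failure');
    mysql_select_db('DB_NAME', $link);

    // The link is passed explicitly so the escaping uses this connection's
    // character set rather than "the last opened connection".
    $query = sprintf("select Id,Password from user where Id='%s' and password='%s'",
        mysql_real_escape_string($uid, $link),
        mysql_real_escape_string($pass, $link));
    $result = mysql_query($query, $link);

    // A failed query yields false; do not hand that to mysql_fetch_row().
    if ($result) {
        $row = mysql_fetch_row($result);
    }
}

if ($row) {
    // Issue a fresh session id at the moment of authentication, so an id that
    // was known before login (session fixation) does not become a logged-in one.
    session_regenerate_id(true);

    $_SESSION['user_name'] = $row[0];
    $_SESSION['user_pass'] = $row[1];

    if (!empty($_POST['ks'])) {
        // setcookie() appends a Set-Cookie header and URL-encodes the value.
        // The previous raw header('Set-Cookie: ...') calls used header()'s
        // default replace behaviour, so the second call replaced the first
        // cookie (and the session cookie), and the value was not encoded.
        // 2147483647 is 19 Jan 2038, the date promised by the login form.
        // The last argument marks the cookie HttpOnly (PHP >= 5.2).
        $until = 2147483647;
        setcookie('uname', $row[0], $until, '', '', false, true);
        setcookie('upass', $row[1], $until, '', '', false, true);
    }
} else {
    // Failed login: clear any previous identity from session and cookies.
    unset($_SESSION['user_name']); setcookie('uname', '', 1);
    unset($_SESSION['user_pass']); setcookie('upass', '', 1);
}

header('Location: /');
exit;
?>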
PHP:
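<?php
/*
 * logout.php: ends the current session, expires the session cookie and the
 * "remember me" cookies, and redirects to the site root.
 */

// The session has to be started first. Without it, clearing $_SESSION does not
// touch the stored session and session_destroy() has nothing to destroy, so
// the old session id would stay valid on the server after "logout".
session_start();
$_SESSION = array();

if (isset($_COOKIE[session_name()])) {
    // Expire the session cookie with the same parameters it was issued with,
    // otherwise the browser keeps the original cookie.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', 1,
        $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
if (isset($_COOKIE['uname'])) setcookie('uname', '', 1);
if (isset($_COOKIE['upass'])) setcookie('upass', '', 1);

session_destroy();
header('Location: /');
exit;
?>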
I believe this code is impossible to exploit via SQL injection techniques.