User Account Login tutorial - any username and password work
Posted: Sun Nov 06, 2011 8:21 pm
Issue:
I tested a few different password and username combinations to ensure the login system only allowed the correct combination to work, and I found that no matter combination i use, it logs me in even if that information is not in the DB! Here is my code for the users.inc.php and login.php:
[syntax=php]<?php
// checks if the given username exists in the table
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// checks if the given username and password combo is valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `blogusers` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}') ");
}
?>[/syntax]
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty';
}
if (valid_credentials($_POST['username'], $_POST['password'] === false)){
$errors[] = 'Username / Password is Incorrect';
}
if (empty($errors)){
// log in
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: index.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Blog Login</title>
</head>
<body>
<form action="" method="post">
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>/><BR /><BR />
<label for="password">Password:</label>
<input type="password" name="password" id="password"/><BR /><BR />
<input type="submit" value="login"/>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo"<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo '';
}
?>
</div>
<p><a href="../index.php">Back to the blog</a></p>
</body>
</html>
[/syntax]
I tested a few different password and username combinations to ensure the login system only allowed the correct combination to work, and I found that no matter combination i use, it logs me in even if that information is not in the DB! Here is my code for the users.inc.php and login.php:
[syntax=php]<?php
// checks if the given username exists in the table
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// checks if the given username and password combo is valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// adds a user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `blogusers` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}') ");
}
?>[/syntax]
[syntax=php]<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])){
$errors[] = 'The username cannot be empty';
}
if (empty($_POST['password'])){
$errors[] = 'The password cannot be empty';
}
if (valid_credentials($_POST['username'], $_POST['password'] === false)){
$errors[] = 'Username / Password is Incorrect';
}
if (empty($errors)){
// log in
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: index.php');
die();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Blog Login</title>
</head>
<body>
<form action="" method="post">
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>/><BR /><BR />
<label for="password">Password:</label>
<input type="password" name="password" id="password"/><BR /><BR />
<input type="submit" value="login"/>
</form>
<div>
<?php
if (empty($errors) === false){
?>
<ul>
<?php
foreach ($errors as $error){
echo"<li>{$error}</li>";
}
?>
</ul>
<?php
}else{
echo '';
}
?>
</div>
<p><a href="../index.php">Back to the blog</a></p>
</body>
</html>
[/syntax]