User Account Login tutorial - any username and password work
Posted: Sun Nov 06, 2011 8:21 pm
Issue:
I tested a few different password and username combinations to ensure the login system only allowed the correct combination to work, and I found that no matter combination i use, it logs me in even if that information is not in the DB! Here is my code for the users.inc.php and login.php:
I tested a few different password and username combinations to ensure the login system only allowed the correct combination to work, and I found that no matter combination i use, it logs me in even if that information is not in the DB! Here is my code for the users.inc.php and login.php:
<?php // checks if the given username exists in the table function user_exists($user){ $user = mysql_real_escape_string($user); $total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}'"); return (mysql_result($total, 0) == '1') ? true : false; } // checks if the given username and password combo is valid function valid_credentials($user, $pass){ $user = mysql_real_escape_string($user); $pass = sha1($pass); $total = mysql_query("SELECT COUNT(`user_id`) FROM `blogusers` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'"); return (mysql_result($total, 0) == '1') ? true : false; } // adds a user to the database function add_user($user, $pass){ $user = mysql_real_escape_string(htmlentities($user)); $pass = sha1($pass); mysql_query("INSERT INTO `blogusers` (`user_name`, `user_password`) VALUES ('{$user}', '{$pass}') "); } ?>
<?php include('core/init.inc.php'); $errors = array(); if (isset($_POST['username'], $_POST['password'])){ if (empty($_POST['username'])){ $errors[] = 'The username cannot be empty'; } if (empty($_POST['password'])){ $errors[] = 'The password cannot be empty'; } if (valid_credentials($_POST['username'], $_POST['password'] === false)){ $errors[] = 'Username / Password is Incorrect'; } if (empty($errors)){ // log in $_SESSION['username'] = htmlentities($_POST['username']); header('Location: index.php'); die(); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Blog Login</title> </head> <body> <form action="" method="post"> <label for="username">Username:</label> <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>/><BR /><BR /> <label for="password">Password:</label> <input type="password" name="password" id="password"/><BR /><BR /> <input type="submit" value="login"/> </form> <div> <?php if (empty($errors) === false){ ?> <ul> <?php foreach ($errors as $error){ echo"<li>{$error}</li>"; } ?> </ul> <?php }else{ echo ''; } ?> </div> <p><a href="../index.php">Back to the blog</a></p> </body> </html>