I am trying to fix vulnerabilities in my script and I think I found 2, but I am not sure :s

    if (!$_COOKIE[$ck_admin] || ($_COOKIE[$ck_admin]!=md5($admin_pass)))
    {
        header("Location: index.php");
        exit;
    }
    $admin_mode = TRUE;

Can the user bypass this to log in to the admin cpanel? And here is the login page:

    if ($_POST['admin_pass'] && $_POST['admin_pass'] == $admin_pass) // Login admin
    {
        setcookie($ck_admin, md5($admin_pass), 0, "/");
        header("Location: home.php");
        exit;
    }
    elseif ($_GET['signout']) // Signout admin
    {
        setcookie($ck_admin, "", 0, "/");
        header("Location: index.php");
        exit;
    }
    elseif ($_COOKIE[$ck_admin] == md5($admin_pass)) // Already logged in. Redirect to admin home page
    {
        header("Location: home.php");
        exit;
    }

Is this code vulnerable to auth bypass by SQL injection?

Hmm, seems like you're using cookies. You should use PHP sessions: http://www.tizag.com/phpT/phpsessions.php - it makes your life easier.

It seems okay to me, but fix this a little:

    if (isset($_POST['admin_pass']) && $_POST['admin_pass'] == $admin_pass) // add isset

Oh yeah, SQL injections only happen if you allow users to do SQL queries without escaping SQL statements.

Thank you. Emmm, why should I use sessions? And why did you add isset? Can you tell me please, where is the risk?

Well, just to be sure. I know that isset checks if $_POST['admin_pass'] exists and returns true if it does and false otherwise. Just to be safe, you know. I'm not 100% certain, but I think it will always return true if you don't add isset. I'm too lazy to check, but adding isset will assure that.
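
The session-based approach recommended in the thread, as an added example that is not code from any of the posters. The original cookie holds md5($admin_pass), a fixed value that is identical for every login and keeps working after signout, whereas here the browser only holds a random session id; $admin_pass_hash, the function names and the 'is_admin' key are assumptions.

```php
<?php
// Added example (not from the thread). Hypothetical names: $admin_pass_hash,
// start_admin_session(), admin_login(), require_admin(), admin_logout().

// Keep only a password hash in the config, created once with password_hash().
// Constructed sample value, generated inline so the example is self-contained.
$admin_pass_hash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

function start_admin_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // Add 'secure' => true when the site is served over HTTPS.
        session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Strict']);
        session_start();
    }
}

// Login page: verify the submitted password against the stored hash.
function admin_login(array $post, string $hash): bool
{
    $submitted = $post['admin_pass'] ?? '';   // missing field becomes ''
    if (!is_string($submitted) || !password_verify($submitted, $hash)) {
        return false;
    }
    start_admin_session();
    session_regenerate_id(true);    // fresh session id after the privilege change
    $_SESSION['is_admin'] = true;   // the flag lives on the server, not in the cookie
    return true;
}

// Top of every admin page: replaces the $_COOKIE[$ck_admin] != md5(...) check.
function require_admin(): void
{
    start_admin_session();
    if (($_SESSION['is_admin'] ?? false) !== true) {   // strict comparison
        header('Location: index.php');
        exit;
    }
}

// Signout: destroy the server-side state so the old cookie value stops working.
function admin_logout(): void
{
    start_admin_session();
    $_SESSION = [];
    session_destroy();
}

// Login page usage: replaces the setcookie($ck_admin, md5($admin_pass), ...) branch.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && admin_login($_POST, $admin_pass_hash)) {
    header('Location: home.php');
    exit;
}
```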