Update make code secure

Discussion in 'PHP' started by ycpc55, Mar 4, 2012.

  1. #1
    Hi,
    I was wondering if anyone can please help me update my script to make it a little more secure? It works well but I don't think it's secure. Thanks...

    <?PHP
    // Remember-me values sent by the browser
    $rememberCookieUname = $_COOKIE["rememberCookieUname"];
    $rememberCookiePassword = $_COOKIE["rememberCookiePassword"];
    include("config.php");
    // Look up the user named in the current session
    $query = "Select * from register where  username='".$_SESSION['id']."' And password = '".$_SESSION['pass']."'";
    $result = mysql_query($query);
    if ($row = mysql_fetch_array($result)){
        $user_id = mysql_result($result, 0, 'user_id');
        $_SESSION['user_id'] = $user_id;
        $user_current_level = $row["userlevel"];
        // Compare the user's level with the level this page requires
        if ($reqlevel == 0 && $row["userlevel"] > 0){
            die("You need to be an admin for this page");
        }else{
            if ($row["userlevel"] < $reqlevel && $row["userlevel"] > 0){
                die("Your acces level is not high enough for this page, <BR> Your access level: $row[userlevel] <BR>Level required: $reqlevel");
            }
        }
    }else{
        // No matching session user: fall back to the remember-me cookies
        if ($rememberCookiePassword != "" && $rememberCookieUname != "" && $rememberCookieuserid != ""){
            $query = "Select * from ".$DBprefix."signup where username='".$rememberCookieUname."'";
            $result = mysql_query($query);
            if ($row = mysql_fetch_array($result)){
                if (md5($row["password"]) == $rememberCookiePassword){
                    // Start a fresh session from the cookie values
                    session_unset();
                    session_destroy();
                    @ session_register("pass");
                    $_SESSION["pass"] = $rememberCookiePassword;
                    @ session_register("id");
                    $_SESSION["id"] =  $rememberCookieUname;
                    $user_current_level = $row["userlevel"];
                    if ($reqlevel == 0 && $row["userlevel"] > 0){
                        die("You need to be an admin for this page");
                    }else{
                        if ($row["userlevel"] < $reqlevel && $row["userlevel"] > 0){
                            die("Your acces level is not high enough for this page, <BR> Your access level: $row[userlevel] <BR>Level required: $reqlevel");
                        }
                    }
                }else{die("Please log-in.");}
            }else{die("Please log-in.");}
        }else{die("Please log-in.");}
    }
    // HTML-escaped copy of the user name for display
    $user_currently_loged = htmlspecialchars($_SESSION["id"],ENT_NOQUOTES);
    $user_currently_loged = str_replace ('\"', "&quot;", $user_currently_loged);
    $user_currently_loged = str_replace ("\'", "&#039;", $user_currently_loged);
    $user_currently_loged_plain = $_SESSION["id"];
    if ($user_current_level < 0){
        $user_current_Rank = "Adminstrator";}
    else{
        $user_current_Rank = $ranks[$user_current_level];
    }
    // Count unread inbox messages for the user
    $query = "Select * from inbox where adres='".$_SESSION['id']."' And isRead = '0'";
    $result = mysql_query($query);
    $user_current_ammount_new = mysql_num_rows($result);
    ?>

     
    ycpc55, Mar 4, 2012
  2. Alex Roxon

    #2
    The main issue you have to be aware of is throwing data into your MySQL queries that the user can influence. So for instance, you directly insert the $rememberCookieUname variable into one of your queries. Users can easily edit and manipulate their cookies, so if I were to change that cookie to:

    a' or 1='1

    Then your database query now becomes:

    Select * from signup where username='a' or 1='1'

    Which I'm sure isn't what you want ;) You should make sure you sanitize all user data with addslashes() or mysql_real_escape_string() (if using mysql in the way you are).
     
    Alex Roxon, Mar 5, 2012
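
The cookie lookup discussed in the reply above, as an added example that is not part of the original thread: it prints the SQL text that string concatenation produces for a cookie value, then runs the same lookup with the value bound as a parameter. It uses PDO prepared statements in place of the thread's mysql_* calls (that extension was removed in PHP 7.0); the in-memory SQLite database, the table contents and the function names concatenatedSql() and findUser() are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Table contents are constructed;
// an in-memory SQLite database stands in for the poster's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE signup (username TEXT PRIMARY KEY, password TEXT, userlevel INTEGER)");
$db->exec("INSERT INTO signup VALUES ('alice', 'constructed-1', -1), ('bob', 'constructed-2', 2)");

// The original pattern: the cookie value is pasted into the SQL text,
// so a quote inside it ends the string literal and the rest is parsed as SQL.
// This function only builds the string; it is never executed here.
function concatenatedSql(string $uname): string
{
    return "Select * from signup where username='" . $uname . "'";
}

// Prepared statement: the SQL text is fixed and the value travels separately
// as a bound parameter, so it can only ever be compared as a username.
function findUser(PDO $db, string $uname): ?array
{
    $stmt = $db->prepare('Select * from signup where username = :uname');
    $stmt->execute([':uname' => $uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In the real script this value would come from $_COOKIE["rememberCookieUname"].
// The second sample is the cookie value quoted in the reply.
$samples = ['bob', "a' or 1='1"];
foreach ($samples as $cookieUname) {
    $row = findUser($db, $cookieUname);
    echo "cookie value : ", $cookieUname, "\n";
    echo "concatenated : ", concatenatedSql($cookieUname), "\n";
    echo "prepared     : ",
        $row === null ? "no such user" : "user {$row['username']}, level {$row['userlevel']}",
        "\n\n";
}
```

With a MySQL server the same findUser() works unchanged once the PDO object is created with a mysql: DSN.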
  3. ycpc55

    #3
    Hi, thanks for the reply. I'm a little new to PHP; is there any way you can show me how this can be done? I know you said to make sure I sanitize all user data with addslashes() or mysql_real_escape_string(). How do I go about doing this? Again, thanks...
     
    ycpc55, Mar 5, 2012
  4. ycpc55

    #4
    I got it, I just needed to sleep lol. Thanks for your help!
     
    ycpc55, Mar 5, 2012