1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Protecting php/mysql - what im doing

Discussion in 'Security' started by neonKnight, Aug 8, 2007.

  1. #1
    Im investigating what methods exist to compromisse php/mysql made websites, and this is what im doing until now

    1) using htmlentities (avoid XSS attacks)
    2) magic_quotes_gpc is on (avoid sql injections)

    also for user authetication im using

    $user = $_POST["user"];
    $pass = sha1($_POST["pass"]);

    $query = "SELECT * from users WHERE username='" . $user . "' AND password = '" . $pass . "'";

    $result = mysql_query($query);
    SEMrush
    $row = mysql_fetch_object($result);
    if ($row) {
    session_start();
    $_SESSION["access"] = "granted";
    $_SESSION["id"] = $row->id;
    header('Location: welcome.php');
    }
    else { header('Location: login.html'); }

    the verification is then done in each page with

    session_start();

    header("Cache-control: private");
    if ($_SESSION["access"] == "granted") {
    echo "welcome registered user";
    }
    else
    header('Location: login.html' );


    so, is 1) and 2) enough to foil attacks? im i missing something here? i heard that even with magic_quotes_gpc on its still possible to do sql injection, however i couldnt find anything on google.

    Second question, (maybe a stupid one, i just want to be sure), are $_SESSION variables server side, that is, its not possible for a user to alter the value of this variable?
     
    neonKnight, Aug 8, 2007 IP
    SEMrush
  2. powerspike

    powerspike Peon

    Messages:
    312
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #2
    $query = "SELECT * from users WHERE username='" . $user . "' AND password = '" . $pass . "'";
    Code (markup):
    try
    $query = "SELECT * from users WHERE username='" . mysql_real_escape_string($user) . "' AND password = '" . mysql_real_escape_string($pass) . "'";
    Code (markup):
    for starters, that should help alot.

    while the session information is serverside, it is possible to change the cookie id session uses, but unlikey.
     
    powerspike, Aug 8, 2007 IP