Showing posts with label Password. Show all posts

Saturday, December 22, 2012

Using Encrypted Passwords in PHP Login Script


Suppose someone breaks into our database: they can read every user's username and password straight out of the `users` table. To avoid this we never store the password itself, only a hash of it.

Even if someone gets into the database, they cannot read the password back out of the stored hash. When a user wants to log in, the submitted password is hashed in the same way and compared with the hash stored for that username. If the username and the hash both match, the user is logged in.

This post uses the md5() function for that step. It returns a 32-character hexadecimal digest. Note that md5() is a hash function, not encryption: there is no key and nothing to decrypt. It is also a poor choice for passwords, because it is fast and unsalted, so two users with the same password get the same digest and an attacker holding the table can look common passwords up in a precomputed list. Since PHP 5.5 the right tool is password_hash() with password_verify(), which adds a random salt and uses a deliberately slow algorithm. The following code of the PHP Login System shows the md5() version as originally written.

Database table `users` (the `pass` column holds md5() of the password, not the password itself):

    Id   user      pass
    1    userone   b7e055c6165da55c3e12c49ae5207455
    2    usertwo   c4d8a57e2ca5dc5d71d2cf3dbbbbaabe

After the login form is submitted, the following script handles the login request.

$user = $_POST['user'];
$pass = md5($_POST['pass']); // This is the only change: hash the submitted password before comparing

// Checks whether a row exists in `users` having `user` and `pass` equal to $user and $pass.
// Note: both values are still concatenated into the SQL text, so this query is open to
// SQL injection; see the "SQL Injection attack and prevention" post further down this page.
$chkqry = mysql_query("select `id` from `users` where `user`='".$user."' and `pass`='".$pass."'");

// If the user exists, set the `SessionId` cookie and redirect to home.php.
// A cookie holding just the username can be set by anyone; PHP sessions are the usual replacement.
if (mysql_num_rows($chkqry) > 0) {
    setcookie("SessionId", $user, 0);
    header('Location: home.php');
    exit; // stop here so nothing below runs after the redirect
}
// If the user doesn't exist, send them back to login.php with the message 'Incorrect Username or Password'
else {
    header('Location: login.php?msg=Incorrect Username or Password');
    exit;
}
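As an added example (not code from the original post), here is the same login flow rewritten with password_hash()/password_verify() and a PDO prepared statement. It assumes PHP 7.1 or later with the pdo_sqlite extension, and uses an in-memory SQLite table so it runs stand-alone; the post used MySQL through the mysql_* extension, which PHP 7 removed. The function names, user names and passwords are constructed for the example.

```php
<?php
// Added example (not from the original post): hashed-password registration and login
// using password_hash()/password_verify() and PDO prepared statements.
// Assumes PHP >= 7.1 and pdo_sqlite; an in-memory SQLite table stands in for the
// MySQL `users` table of the post so the script runs without a server.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Same columns as the post's table; `pass` now holds a password_hash() string.
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT UNIQUE NOT NULL, pass TEXT NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $user, string $password): void
{
    // password_hash() picks a random salt and a slow algorithm (bcrypt by default),
    // so two users with the same password get different stored values.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (user, pass) VALUES (:user, :pass)');
    $stmt->execute([':user' => $user, ':pass' => $hash]);
}

// Returns the user's id on success, null on unknown user or wrong password.
function login(PDO $db, string $user, string $password): ?int
{
    // Look the user up by name only; the password is never part of the SQL text.
    $stmt = $db->prepare('SELECT id, pass FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown user
    }
    // password_verify() re-hashes the submitted password with the stored salt and cost
    // and compares in constant time; a plain string compare of md5() values does neither.
    if (!password_verify($password, $row['pass'])) {
        return null; // wrong password
    }
    return (int) $row['id'];
}

$db = openDb();
// Constructed sample accounts: same password, different stored hashes.
registerUser($db, 'userone', 'correct horse');
registerUser($db, 'usertwo', 'correct horse');

var_dump(login($db, 'userone', 'correct horse'));
var_dump(login($db, 'userone', 'wrong password'));
var_dump(login($db, 'nobody', 'correct horse'));
```

Run it with `php` from the command line: the first login returns the id of userone, the other two return null. After a successful login a real script would call session_start() and session_regenerate_id(true) and keep the user id in $_SESSION, rather than writing the bare username into a cookie as the script above does.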


Tuesday, December 11, 2012

SQL Injection attack and prevention

Attack

Let's take the case of a login system in which a person logs in with a username and password. The following SQL query authorizes the user: the user is logged in if and only if there is a row in the `users` table whose `user` and `pass` values equal the posted values.

$user = $_POST['user'];
$pass = $_POST['pass'];
$chkqry = mysql_query("select `id` from `users` where `user`='".$user."' and `pass`='".$pass."'");

Suppose the user enters the following in the username and password fields of the login box:

    Username : anyword' OR 'a'='a
    Password : anyword' OR 'a'='a

Then the SQL that reaches the server is:

    select `id` from `users` where `user`='anyword' OR 'a'='a' and `pass`='anyword' OR 'a'='a'

Because AND binds tighter than OR, MySQL reads the WHERE clause as `user`='anyword' OR ('a'='a' AND `pass`='anyword') OR 'a'='a', and the final 'a'='a' is always true. The query returns every row of the table, mysql_num_rows() is greater than zero, and the attacker is logged in without knowing any password.
This is SQL injection.

Prevention

The PHP function mysql_real_escape_string() escapes the characters that have meaning inside a MySQL string literal: single quote ('), double quote ("), backslash (\), NUL, newline, carriage return and Ctrl-Z. That is, the function converts characters as follows:

    '    ->   \'
    "    ->   \"
    \    ->   \\

With the values above escaped, the query compares `user` against the literal string anyword' OR 'a'='a (MySQL consumes the backslashes when it parses the string), which matches no row, so the login fails as it should.

Escaping only works when the escaped value is placed inside a quoted string literal and the connection character set has been set, since the function uses it to decide what to escape; it does nothing for values used as numbers or identifiers. The recommended fix is a prepared statement with bound parameters (PDO or mysqli), which sends the values to the server separately from the SQL text so they can never be parsed as SQL. The mysql_* extension itself was deprecated in PHP 5.5 and removed in PHP 7.
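As an added example (not from the original post), here are the attack and the fix side by side: the post's concatenated query run with the payload above against a constructed in-memory SQLite copy of the `users` table, then the same lookup through a PDO prepared statement. It assumes PHP 7 or later with pdo_sqlite; the post used MySQL, but backtick identifiers and the precedence of AND over OR behave the same in both engines. Function names and the sample rows are constructed for the example.

```php
<?php
// Added example (not from the original post): the injection reproduced against an
// in-memory SQLite table, then the same lookup done with a prepared statement.
// Assumes pdo_sqlite; the post used MySQL and mysql_query(), but the query text and
// the payload behave the same way (AND binds tighter than OR in both engines).
declare(strict_types=1);

function seedDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user TEXT, pass TEXT)');
    // Constructed rows mirroring the table in the post (md5 values, as the post stores them).
    $db->exec("INSERT INTO users VALUES (1, 'userone', 'b7e055c6165da55c3e12c49ae5207455')");
    $db->exec("INSERT INTO users VALUES (2, 'usertwo', 'c4d8a57e2ca5dc5d71d2cf3dbbbbaabe')");
    return $db;
}

// The post's query built by string concatenation: user input becomes SQL syntax.
function vulnerableLookup(PDO $db, string $user, string $pass): array
{
    $sql = "select `id` from `users` where `user`='" . $user . "' and `pass`='" . $pass . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The same lookup with placeholders: the driver sends the values separately from the
// SQL text, so a quote in the input is just a character inside the value.
function safeLookup(PDO $db, string $user, string $pass): array
{
    $stmt = $db->prepare('SELECT id FROM users WHERE user = :user AND pass = :pass');
    $stmt->execute([':user' => $user, ':pass' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = seedDb();
$payload = "anyword' OR 'a'='a"; // the exact username/password from the post

echo "concatenated: ", implode(',', vulnerableLookup($db, $payload, $payload)), "\n";
echo "prepared:     ", implode(',', safeLookup($db, $payload, $payload)), "\n";
```

Run it with `php` from the command line: the concatenated query returns the ids of both rows, so the post's mysql_num_rows() check would let the attacker in, while the prepared statement returns no rows because the whole payload is compared as a value and never re-parsed as SQL.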