
Whats Wrong>? please see this piece of code and see whats wrong:


require('connection2.php');
$select = mysql_query("SELECT * from `users` WHERE password='$_GET[password]'");
$co = mysql_num_rows($select);
if ($co = 1) {
    session_start();
    $s = session_id();
    $_SESSION['access'] = "yes";
    $username = $_GET['username'];
    header("location:../main/index2.php?a=$_GET[username]&s=$s");
    //echo "<a href='../main/index2.php' > Proceed to Game</a>";
    //echo $s;
}

Now that is a bit of my login script, which authenticates and so on.
Recently my game went down because there was some error in this.
So I kept on trying and it didn't work.
Now I found out... wait, first let me tell you that over here users get registered for sessions, and if they aren't registered or are changing URLs, they get redirected to an error page. It always redirected to the error page, meaning sessions weren't being registered. So I changed the error page to my game's in-game page and it came there. With no luck, I was heading to bed when I mistakenly clicked a bookmarked link to the login file and saw that it said I have to check the MySQL syntax near "password='passwordentered'" at line one.


Have you tried writing the MySQL statement like this:

$select = mysql_query("SELECT * from users WHERE password='$_GET[password]'");

And how does the PHP file receive the password? Through a submission form? Because you can try '$_REQUEST[password]' instead of '$_GET[password]'.




I tried everything... it doesn't work... it just takes me to my error page which


Well, first of all, I'm pretty sure you're comparing in this if statement, not assigning:

if ($co = 1)

so you would need two equal signs (==). I'm not sure what more I can do, because I don't know any more about the contents of connection2.php or what error you're getting, but that might fix it.

Also a note for after you get it fixed:

You have a HUGE security hole in your code:

$select = mysql_query("SELECT * from `users` WHERE password='$_GET[password]'");

If someone were to enter this password:

' or 1=1 limit 1;--

they could get into any account they wanted to. I would have the password check for single quotes and escape them out; otherwise your login is open for some major SQL injection!

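Editor's added example, not code from the thread or from the poster's game: it reproduces the reply's point in runnable form. The posted query pattern is run against an in-memory SQLite database through PDO (the thread's script used MySQL through mysql_query(), which PHP 7 removed), then the reply's injected password is fed in, assumed here without the trailing ';' because PDO on SQLite prepares a single statement. A hardened login follows, using a prepared statement on the username and password_hash()/password_verify() instead of comparing passwords inside SQL. Table layout, sample users and the function names are assumptions made for the example.

```php
<?php
// Added example for this thread (not the original poster's code).
// Runs offline against an in-memory SQLite database via PDO.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema: the plaintext "password" column exists only to reproduce
// the posted query; "password_hash" is what a hardened version should store.
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    password_hash TEXT NOT NULL
)');
$ins = $db->prepare('INSERT INTO users (username, password, password_hash) VALUES (?, ?, ?)');
foreach (['aldo' => 'correct horse', 'bob' => 'hunter2'] as $user => $pw) {   // constructed sample users
    $ins->execute([$user, $pw, password_hash($pw, PASSWORD_DEFAULT)]);
}

// The pattern from the thread: user input interpolated straight into the SQL string.
// Returns the username the query would log you in as, or null if no row matched.
function vulnerableLogin(PDO $db, string $password): ?string
{
    $row = $db->query("SELECT username FROM users WHERE password='$password'")
              ->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['username'] : null;
}

// Hardened version: the only user-controlled value reaches SQL as a bound parameter,
// and the password is checked in PHP against a stored hash, never compared in SQL.
// Note the fetched row is tested directly; the thread's "if ($co = 1)" assigns 1 to
// $co and is therefore always true, even for zero matching rows ("==" compares).
function safeLogin(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Credentials read from a POST body instead of the query string, as the thread
// suggests. $request stands in for $_POST so the example runs on the CLI; in the
// real page the form uses method="post" and this is called as loginFromRequest($db, $_POST).
function loginFromRequest(PDO $db, array $request): ?string
{
    $username = $request['username'] ?? '';
    $password = $request['password'] ?? '';
    if ($username === '' || $password === '') {
        return null;
    }
    return safeLogin($db, $username, $password);
}

// The reply's payload, without the ';' (assumption for SQLite). The quote closes the
// string literal, OR 1=1 matches every row, and "--" comments out the rest of the line.
$payload = "' OR 1=1 LIMIT 1 --";

foreach ([
    'vulnerable, payload as password'  => vulnerableLogin($db, $payload),
    'hardened, payload as password'    => safeLogin($db, 'aldo', $payload),
    'hardened, real password via POST' => loginFromRequest($db, ['username' => 'aldo', 'password' => 'correct horse']),
] as $label => $result) {
    printf("%-34s -> %s\n", $label, $result ?? 'login refused');
}
```

Run it with `php login_example.php` (any PHP 7.1+ build with pdo_sqlite). The vulnerable function logs the payload in as the first user in the table without knowing any password; the hardened function refuses the same payload, because it is only ever a bound parameter and a string that fails password_verify(), and accepts the real credentials. Escaping single quotes, as the reply suggests, would block this particular string, but a prepared statement removes the whole class of problem, and hashing means a database leak does not hand out every player's password.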

Another security issue is sending passwords via the GET method. Better to use POST on the form and on the receiving end; at least the password would not be visible if you use the POST method. Check the page that submits the info to see whether the GET or POST method is used on the submit form, too.


Oh my god, yes. I can't believe I didn't even see that. Sending the data through GET would be a terrible idea if you were to log in and somebody was watching the URL behind you. If your form is set to POST the data, then that's where your problem is...



Even though it's a header page, I'll go with POST.
And I know that is a huge security hole; I did that deliberately so that people could just log in, as I didn't want to keep the game down too long. I'll try out == and also username=..... && password=....

I'll be sure to post results here.

~Aldo

(P.S.: don't delete/lock this thread)


I hope you escaped those single quotes out of your passwords! Perhaps after you post your website I'll try to see if it's still vulnerable by hax0ring it! :P Oh, and of course report to you what exploits I find... (or maybe not!) Haha... Just kidding... :D





http://forums.xisto.com/no_longer_exists/


:D
It's still in its basic steps, as I am trying to make it a proper game, so I have to make each and every page completely foolproof.
Register and log in :P

