SQL and PHP Issue


Aella

Hi,

 

I downloaded a freeware login script, but have some issues with major security flaws and bugs. One thing I’ve noticed is that it’s not verifying the user names are unique when people register. I’ve tracked the problem down to the following lines of code:

 

   // Look the submitted username and e-mail address up separately.
   $sql = "SELECT username FROM ".$prefix."_users WHERE username='$HTTP_POST_VARS[username]'";
   $result = $db->query($sql);

   $sql2 = "SELECT email FROM ".$prefix."_users WHERE email='$HTTP_POST_VARS[email]'";
   $result2 = $db->query($sql2);

   // Row counts: anything above zero means the value is already taken.
   $num = $db->num($result);
   $num2 = $db->num($result2);

   if(($num > 0) || ($num2 > 0)) {
       if($num > 0) {
          $display .= "<font class=\"text\">That username is already taken. Please choose another one</font><br />";
          unset($HTTP_POST_VARS['username']);
       }
       if($num2 > 0) {
          $display .= "<font class=\"text\">That email address is already in use. If you've already registered, and forgot your password, please use the <a href=\"forgot.php\">Password Recovery</a> system.</font><br />";
          unset($HTTP_POST_VARS['email']);
       }
   }

 

If I try to register with a different user name, but the same email address as an existing user, I enter both the if($num2 > 0) AND if ($num > 0) cases. But if I try to register with just the same user name as an existing user, but a unique email address, neither case matches.

 

Unfortunately my knowledge of PHP and SQL databases is severely lacking, and it's not immediately obvious to me what's wrong, or even where to start looking.

 

Any ideas would be greatly appreciated.

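The uniqueness check the script above is trying to do, rewritten as an added example (this is not the freeware script's code and not Aella's). It assumes an in-memory SQLite database reached through PDO and a table named demo_users; the point is that bound parameters replace the script's string interpolation of $HTTP_POST_VARS into the query, that each value is checked separately, and that UNIQUE constraints in the table are the guarantee while the SELECT pre-checks only exist to produce friendly messages.

```php
<?php
// Added example, not the script under discussion: a registration uniqueness
// check built on PDO prepared statements and UNIQUE constraints. The table
// name "demo_users" and the in-memory SQLite database are assumptions.
declare(strict_types=1);

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE constraints make the database, not PHP, the final judge of
    // uniqueness; the SELECT pre-checks below only exist to give nice messages.
    $db->exec('CREATE TABLE demo_users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        email TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL
    )');
    return $db;
}

/** Returns the list of conflicts; an empty list means both values are free. */
function findConflicts(PDO $db, string $username, string $email): array
{
    $problems = [];
    // Bound parameters instead of "... WHERE username='$HTTP_POST_VARS[username]'":
    // the submitted value can never change the shape of the query.
    $stmt = $db->prepare('SELECT 1 FROM demo_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    if ($stmt->fetchColumn() !== false) {
        $problems[] = 'That username is already taken.';
    }
    $stmt = $db->prepare('SELECT 1 FROM demo_users WHERE email = :e');
    $stmt->execute([':e' => $email]);
    if ($stmt->fetchColumn() !== false) {
        $problems[] = 'That email address is already in use.';
    }
    return $problems;
}

/**
 * Inserts the account. Returns false when the database rejects a duplicate,
 * which also covers the race where two registrations pass findConflicts() at once.
 */
function registerUser(PDO $db, string $username, string $email, string $password): bool
{
    $stmt = $db->prepare(
        'INSERT INTO demo_users (username, email, password_hash) VALUES (:u, :e, :h)'
    );
    try {
        $stmt->execute([
            ':u' => $username,
            ':e' => $email,
            ':h' => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return true;
    } catch (PDOException $ex) {
        // SQLSTATE 23000 = integrity constraint violation (duplicate username or email).
        if ((string) $ex->getCode() === '23000') {
            return false;
        }
        throw $ex;
    }
}

// Constructed demo data.
$db = openDemoDb();
registerUser($db, 'alice', 'alice@example.com', 'correct horse battery staple');

// Same username, new email: the case the original script let through.
print_r(findConflicts($db, 'alice', 'new@example.com'));
// New username, same email.
print_r(findConflicts($db, 'bob', 'alice@example.com'));
// Both free.
print_r(findConflicts($db, 'bob', 'bob@example.com'));
// Duplicate that skipped the pre-check: the UNIQUE constraint still refuses it.
var_dump(registerUser($db, 'alice', 'other@example.com', 'another passphrase'));
```

Run it with the PHP CLI (php -f). The same SQLSTATE 23000 is what MySQL reports for a duplicate key, so the catch block carries over unchanged when the real database is swapped in; only the DSN and the CREATE TABLE differ.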

I can't help with this specific issue, however, I'd like to raise an issue.

 

If you have *already* noticed this flaw (a huge gaping one, I think), then there could be others that would be of concern. I would personally look for another script that didn't have such problems. =) You can find thousands at hotscripts.com =)


I think the most grievous mistake that I’ve found thus far was saving the user level in a cookie and then not verifying user level (or even that the user existed) with the database. You want to be an admin? Okay! Just edit your cookies.

 

It’s become a personal challenge of sorts now :dance:

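The cookie problem just described, with the fix beside it, as an added example (not the script's code and not Aella's). It assumes an in-memory SQLite database with a demo_users table that carries a level column, and it uses a plain array in place of $_SESSION so it runs from the command line. The browser only ever holds an opaque session id; the user's level is re-read from the database on every request, so editing a cookie changes nothing and a demotion or deletion takes effect on the next request.

```php
<?php
// Added example, not the script under discussion: decide the user level from
// server-side state on every request instead of trusting a cookie. The table
// "demo_users" with a "level" column and the in-memory SQLite database are assumptions.
declare(strict_types=1);

const LEVEL_USER  = 1;
const LEVEL_ADMIN = 9;

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE demo_users (
        id INTEGER PRIMARY KEY,
        username TEXT NOT NULL UNIQUE,
        level INTEGER NOT NULL
    )');
    return $db;
}

/** The user's level as the database knows it right now; null if the account is gone. */
function currentLevel(PDO $db, int $userId): ?int
{
    $stmt = $db->prepare('SELECT level FROM demo_users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : (int) $level;
}

/**
 * Gate for an admin page. $session stands in for $_SESSION: the browser only
 * holds an opaque session id, and user_id was written server-side at login.
 */
function mayAccessAdmin(PDO $db, array $session): bool
{
    if (!isset($session['user_id'])) {
        return false;
    }
    $level = currentLevel($db, (int) $session['user_id']);
    return $level !== null && $level >= LEVEL_ADMIN;
}

/** The pattern the thread describes: a cookie the client controls decides. Kept only for contrast. */
function cookieDecides(array $cookie): bool
{
    return isset($cookie['level']) && (int) $cookie['level'] >= LEVEL_ADMIN;
}

// Constructed demo data: one admin account and one ordinary account.
$db = openDemoDb();
$db->exec("INSERT INTO demo_users (id, username, level) VALUES (1, 'admin', " . LEVEL_ADMIN . ")");
$db->exec("INSERT INTO demo_users (id, username, level) VALUES (2, 'aella', " . LEVEL_USER . ")");

var_dump(mayAccessAdmin($db, ['user_id' => 1]));   // admin account
var_dump(mayAccessAdmin($db, ['user_id' => 2]));   // ordinary account
var_dump(mayAccessAdmin($db, ['user_id' => 3]));   // account that no longer exists
var_dump(mayAccessAdmin($db, []));                 // nobody logged in
// An edited cookie satisfies the weak check, but it never reaches mayAccessAdmin().
var_dump(cookieDecides(['level' => '9']));
```

In a real page, call session_start() and pass $_SESSION where the array is passed here, store only the user id in the session at login, and call session_regenerate_id(true) at that point so a session fixed before authentication is not carried over.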

Aella,

 

I'm not fully into this type of SQL (Oracle SQL I am) but I think the problem lies in this line:

>if(($num > 0) || ($num2 > 0)) {

 

In my opinion, the code underneath will only be activated if you've entered an already used username AND an already used email address but not separately.

 

I would suggest leaving the line out and see what happens.
