Aella Posted August 23, 2004

Hi, I downloaded a freeware login script, but have some issues with major security flaws and bugs. One thing I’ve noticed is that it’s not verifying the user names are unique when people register. I’ve tracked the problem down to the following lines of code:

    $sql = "SELECT username FROM ".$prefix."_users WHERE username='$HTTP_POST_VARS[username]'";
    $result = $db->query($sql);
    $sql2 = "SELECT email FROM ".$prefix."_users WHERE email='$HTTP_POST_VARS[email]'";
    $result2 = $db->query($sql2);
    $num = $db->num($result);
    $num2 = $db->num($result2);
    if(($num > 0) || ($num2 > 0)) {
        if($num > 0) {
            $display .= "<font class=\"text\">That username is already taken. Please choose another one</font><br />";
            unset($HTTP_POST_VARS['username']);
        }
        if($num2 > 0) {
            $display .= "<font class=\"text\">That email address is already in use. If you\'ve already registerd, and forgot your password, please use the <a href=\"forgot.php\">Password Recovery</a> system.</font><br />";
            unset($HTTP_POST_VARS['email']);
        }

If I try to register with a different user name, but the same email address as an existing user, I enter both the if($num2 > 0) AND if ($num > 0) cases. But if I try to register with just the same user name as an existing user, but a unique email address, neither case matches.

Unfortunately my knowledge of PHP and SQL databases is severely lacking, and nothing is immediately obvious to me about what’s wrong, or even where to start looking. Any ideas would be greatly appreciated.
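The snippet above splices the submitted username and e-mail straight into the SQL text and relies on two separate SELECTs to decide whether a name is free. The following is an added example, not code from the thread or from the script Aella downloaded: it performs the same two checks with PDO prepared statements so the submitted values are bound as data, keeps each check independent of the other, and lets a UNIQUE constraint in the table catch the case a pre-check cannot, two registrations racing past the SELECT at the same moment. The in-memory SQLite database, the `demo_` table prefix and the rows are constructed for the demonstration.

```php
<?php
// Added example: uniqueness check with bound parameters and a UNIQUE constraint.
// Database, prefix and rows below are constructed for the demo, not the thread's script.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$prefix = 'demo'; // table prefix comes from configuration, never from the request

// UNIQUE makes the database itself refuse a duplicate, regardless of what the
// application-level check concluded a moment earlier.
$db->exec("CREATE TABLE {$prefix}_users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    email    TEXT NOT NULL UNIQUE
)");
$db->exec("INSERT INTO {$prefix}_users (username, email) VALUES ('alice', 'alice@example.com')");

// Returns the list of conflicts found; an empty array means both values are free.
// $username and $email are bound as parameters, so whatever characters they
// contain they are compared as plain strings, not interpreted as SQL.
function registrationConflicts(PDO $db, string $prefix, string $username, string $email): array
{
    $problems = [];

    $stmt = $db->prepare("SELECT COUNT(*) FROM {$prefix}_users WHERE username = :u");
    $stmt->execute([':u' => $username]);
    if ((int) $stmt->fetchColumn() > 0) {
        $problems[] = 'That username is already taken.';
    }

    $stmt = $db->prepare("SELECT COUNT(*) FROM {$prefix}_users WHERE email = :e");
    $stmt->execute([':e' => $email]);
    if ((int) $stmt->fetchColumn() > 0) {
        $problems[] = 'That email address is already in use.';
    }

    return $problems;
}

// Each branch is evaluated on its own, so a taken username with a fresh e-mail
// and a fresh username with a taken e-mail each report exactly one conflict.
print_r(registrationConflicts($db, $prefix, 'alice', 'new@example.com'));
print_r(registrationConflicts($db, $prefix, 'bob', 'alice@example.com'));
print_r(registrationConflicts($db, $prefix, 'bob', 'bob@example.com'));

// A username containing a quote character is just an unusual literal here;
// with string interpolation it would have altered the WHERE clause instead.
print_r(registrationConflicts($db, $prefix, "o'brien", 'obrien@example.com'));

// The constraint is the real guarantee: a duplicate insert raises instead of
// silently creating a second 'alice'.
try {
    $db->exec("INSERT INTO {$prefix}_users (username, email) VALUES ('alice', 'other@example.com')");
    echo "duplicate accepted (should not happen)\n";
} catch (PDOException $e) {
    echo "duplicate rejected by UNIQUE constraint\n";
}
```

Run it with any PHP build that has the pdo_sqlite extension (`php example.php`). The first call reports only the username conflict, the second only the e-mail conflict, the third and fourth report nothing, and the final insert is rejected by the constraint. Note that the table prefix is still interpolated into the SQL text; that is acceptable only because it comes from the site's configuration, since identifiers cannot be bound as parameters.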
LisaJill Posted August 23, 2004

I can't help with this specific issue, however, I'd like to raise an issue. If you have *already* noticed this flaw - a huge gaping one, I think; then there could be others that would be of concern. I would personally look for another script that didn't have such problems. =) You can find thousands at hotscripts.com =)
Aella Posted August 23, 2004 (Author)

I think the most grievous mistake that I’ve found thus far was saving the user level in a cookie and then not verifying user level (or even that the user existed) with the database. You want to be an admin? Okay! Just edit your cookies. It’s become a personal challenge of sorts now.
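The flaw Aella describes is that the browser is trusted to report its own privilege level. The added example below, which is not code from the thread or from the downloaded script, contrasts that pattern with the usual fix: the cookie carries only an opaque, randomly generated session id, and the user's level is looked up in the database on every request, so editing the cookie changes nothing. The `users` and `sessions` tables, the in-memory SQLite database and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example: server-side session lookup instead of a client-supplied user level.
// Tables and rows are constructed for the demo, not taken from the thread's script.

// The flawed pattern from the thread: whoever controls the cookie controls the level.
function isAdminFromCookie(array $cookie): bool
{
    return isset($cookie['user_level']) && $cookie['user_level'] === 'admin';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, level TEXT NOT NULL)");
$db->exec("CREATE TABLE sessions (sid TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires INTEGER NOT NULL)");
$db->exec("INSERT INTO users (id, username, level) VALUES (1, 'alice', 'member'), (2, 'root', 'admin')");

// Called once after a successful password check. The session id is generated
// from a CSPRNG on the server; the client never chooses it and cannot guess it.
function createSession(PDO $db, int $userId, int $ttlSeconds = 3600): string
{
    $sid = bin2hex(random_bytes(32));
    $stmt = $db->prepare("INSERT INTO sessions (sid, user_id, expires) VALUES (:s, :u, :e)");
    $stmt->execute([':s' => $sid, ':u' => $userId, ':e' => time() + $ttlSeconds]);
    return $sid;
}

// Resolve the level on every request from the database, joined through the
// session row. Returns null for a missing, unknown, or expired session, which
// also covers the case of a user that no longer exists.
function currentLevel(PDO $db, array $cookie): ?string
{
    if (!isset($cookie['sid']) || !is_string($cookie['sid'])) {
        return null;
    }
    $stmt = $db->prepare(
        "SELECT u.level FROM sessions s JOIN users u ON u.id = s.user_id
          WHERE s.sid = :s AND s.expires > :now"
    );
    $stmt->execute([':s' => $cookie['sid'], ':now' => time()]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : $level;
}

// Simulate alice logging in, then tampering with her cookie to claim admin.
$aliceSid = createSession($db, 1);
$tampered = ['sid' => $aliceSid, 'user_level' => 'admin'];

var_dump(isAdminFromCookie($tampered));              // the cookie-trusting check is fooled
var_dump(currentLevel($db, $tampered));              // the database lookup still reports alice's real level
var_dump(currentLevel($db, ['sid' => 'not-issued'])); // a session id the server never issued resolves to nothing
```

Run with `php example.php` on a build that has pdo_sqlite. The first `var_dump` shows the old check accepting the edited cookie, while the second returns alice's stored level and the third returns null. In production the session id would be set with the HttpOnly and Secure cookie flags and the `sessions` row deleted on logout; PHP's built-in session handling does the same thing without hand-written tables, but the point here is that the only thing the client holds is a reference, never the privilege itself.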
woesap Posted August 23, 2004

Aella, I'm not fully into this type of sql (Oracle sql I am) but I think the problem lies in this line:

    > if(($num > 0) || ($num2 > 0)) {

In my opinion, the code underneath will only be activated if you've entered an already used username AND an already used email address, but not separately. I would suggest leaving the line out and seeing what happens.