I'm trying to make two visually similar web environments. One is supposed to be secure and the other one isn't. I figure doing things right AND wrong and having examples will help me while I'm still learning. Right now I'm doing the login forms, but while the more secure code works right, the insecure code is literally accepting everything, even blank inputs! I can't tell what the difference is that is making this happen.
This is from the more secure login page.
// The user is logging in
} else if (isset($_POST['logsubmit'])) {
    // collects value from login form
    $loguser = safe_input($_POST['loguser']);
    $logpass = md5($_POST['logpass']);
    //This section needs encryption
    $logcheck1 = mysqli_query($con,"SELECT * FROM users WHERE username ='$loguser'");
    $logcheck2 = mysqli_num_rows($logcheck1);
    if ($logcheck2 == 0) {
        echo ('There is no record of that username being currently active');
        goto logform;
    }
    while ($logcheck3 = mysqli_fetch_array($logcheck1)) {
        if ($logpass != $logcheck3['password']) {
            echo ('Incorrect password used.');
            goto logform;
        }
    }
    display:
    $user = mysqli_query($con,"SELECT profile_pic FROM users WHERE username ='$loguser'");
    while ($data = mysqli_fetch_array($user)) {
        if ($data['profile_pic'] != NULL) {
            $pic = $data['profile_pic'];
        } else {
            $pic = "img/blank_profile.png";
        }
    }
    setcookie('testsiteUser',$loguser,time()+3600);
    setcookie('testsitePass',$logpass,time()+3600);
    echo ('<h2 id="greenborder">Hello, <a id="purpleborder"
href="userpage.php">'.$loguser.'</a>!</h2>
<img class="profile_bar" src="'.$pic.'">');
?>
<p>
<form action="<?php echo ($_SERVER['PHP_SELF'])?>" method="POST">
<input type="submit" name="logout" value="Log Out">
</form></p>
<?php
} else {
logform:
And then after the logform: marker is the login form. There is more code above the comment about the user logging in. Let me know if anyone wants to see it. I don't know if it's relevant. This works! If I log in to this with the wrong user name or password, it'll say so. If I log in right, it'll say so.
This is the code from the more insecure version.
// The user is logging in
} else if (isset($_POST['logsubmit'])) {
    // collects value from login form
    $loguser = /*safe_input*/($_POST['loguser']);
    $logpass = md5($_POST['logpass']);
    /*
    //This section needs encryption
    $logcheck1 = mysqli_query($con,"SELECT * FROM users WHERE username ='$loguser'");
    $logcheck2 = mysqli_num_rows($logcheck1);
    if ($logcheck2 == 0) {
        echo ('There is no record of that username being currently active');
        goto logform;
    }
    while ($logcheck3 = mysqli_fetch_array($logcheck1)) {
        if ($logpass != $logcheck3['password']) {
            echo ('Incorrect password used.');
            goto logform;
        }
    }
    */
    $logcheck = mysqli_query($con,"SELECT * FROM users WHERE username = '$loguser' AND password = '$logpass'");
    mysqli_free_result($logcheck);
    if ($logcheck == 0){
        echo ('Incorrect username or password');
        goto logform;
    }
    //display:
    /*$user = mysqli_query($con,"SELECT profile_pic FROM users WHERE username ='$loguser'");*/
    /*$userpic = $_SESSION["loguser"];
    $user = mysqli_query($con,"SELECT profile_pic FROM users WHERE username ='$userpic'");
    while ($data = mysqli_fetch_array($user)) {
        if ($data['profile_pic'] != NULL) {
            $pic = $data['profile_pic'];
        } else {
            $pic = "img/blank_profile.png";
        }
    }*/
    $_SESSION["loguser"] = $loguser;
    echo ('<h2 id="greenborder">Hello, <a id="purpleborder" href="userpage.php">'.$_SESSION["loguser"].'</a>!</h2><p><img class="profile_bar" src="'.$pic.'">');
?>
<p>
<form action="<?php echo ($_SERVER['PHP_SELF'])?>" method="POST">
<input type="submit" name="logout" value="Log Out">
</form></p>
<?php
} else {
logform:
A lot of this is commented out because I started by copying it from the safer code, which was made first. This logs in no matter what, and whatever I put into the user name input is displayed as the account name. I don't even know if the database is being queried.
I THINK that the 2nd version is somehow passing the goto login, but I can't see why it would work in the first version but not the second version. Or if I'm missing something else completely! I'm comparing both of these side by side, trying to make sure all the brackets have mates, but I'm still learning PHP. I know goto is awful and putrid and nobody likes it, but I feel like I'm using it just how it's displayed in the online PHP manual, where it comes out of an if, while, and for statement. http://ift.tt/1yz9R3f
I'm still building both of these so I realize there may be some big flaws in the first version that aren't present in the second version. I'm really just hung up on this one thing for now. Can anyone see whatever it is I'm missing here?
Sorry if the question is too long or I committed some other faux pas. This is my first question.
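An added example, not the asker's code, of a login check in which the query handle is never mistaken for a row count (in the second version above, mysqli_query() returns a mysqli_result object, which is never == 0, and mysqli_free_result() discards the rows before anything is counted): it fetches the matched row, verifies the password with password_verify() against a password_hash() value, and binds the username as a parameter instead of interpolating it into the SQL. An in-memory SQLite database through PDO (assumed available via the pdo_sqlite extension) stands in for the MySQL connection so it runs without a server; the table, columns and the test user are constructed.

```php
<?php
// Added example (not the asker's code). In-memory SQLite via PDO stands in for
// the MySQL connection so the block runs stand-alone; the check is the same with mysqli.
declare(strict_types=1);

// Constructed test database: one user, password stored with password_hash().
function build_test_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the username on success, null on any failure. What is checked is the
// fetched row (not the statement handle, which is always truthy) and the
// password via password_verify(), not a string compare of MD5 hashes.
function check_login(PDO $db, string $username, string $password): ?string {
    if ($username === '' || $password === '') {
        return null;                                   // blank input never matches
    }
    $stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);                       // bound parameter, no interpolation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                                   // no such user
    }
    if (!password_verify($password, $row['password'])) {
        return null;                                   // wrong password
    }
    return $row['username'];
}

// After a successful check the caller would start the session, e.g.
// session_regenerate_id(true); $_SESSION['loguser'] = $name;
// rather than storing the username and password hash in cookies.
$db = build_test_db();
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['', '']] as [$u, $p]) {
    printf("%-10s / %-15s => %s\n", var_export($u, true), var_export($p, true),
           check_login($db, $u, $p) ?? 'rejected');
}
```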