PHP MySql用戶帳戶繞過cookie
[英]PHP MySql user account bypassing cookies
問題描述
是的,我已經修改了一段時間了,並且除了用戶帳戶頁面之外,其他所有功能都可以使用,我的問題是; 有人可以發現我在這里所做的錯別字,或者可以給我一些幫助使其工作嗎?
該網站似乎繞過了這部分,直接進入其他部分(如下所示):
<?
if(isset($_COOKIE['ID_my_site'])){
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$con = mysqli_connect(DATABASE STUFF) or die(mysqli_error());
$check = mysqli_query($con,"SELECT email, pass2 FROM userAccount WHERE email=$email")or die(mysqli_error());
while($info = mysqli_fetch_array($check)){
if ($pass != $info['pass2']){
echo "Wrong Password or Email!, Please <a href='login.php'>Login here</a> to see your account or <a href='register.php'>Register here</a>.";
}else{
$con=mysqli_connect(DATABASE STUFF);
$sqlCommand = "(SELECT * FROM userAccount WHERE email=$email)";
$query = mysqli_query($con,$sqlCommand) or die("Error: ".mysqli_error($con));
$column = mysqli_fetch_array($query);
echo "<section class='userName'><h3>".$column['firstName']." ".$column['surname']."</h3></section>";
echo "<section class='address'>".$column['addressLine1']."<br />".$column['addressLine2']."<br />".$column['county']."<br />".$column['country']."<br />".$column['postCode']."</section>";
echo "<section class='email'><h3>".$column['email']."</h3></section>";
echo "<section class='passwordUpdate'><a href='update.php?user_id=".$column['user_id']."'>Change Password</a></section>";
}
}
無論如何,它都會直接出現的“其他”:
}else{
echo "You cannot see this page, Please <a href='login.php'>Login here</a> to see your account or <a href='register.php'>Register here</a>.";
}
以下是登錄過程,以防萬一有人問:
<?
$con = mysqli_connect(DATABASE STUFF) or die(mysqli_error($con));
if(isset($_COOKIE['ID_my_site'])){
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysqli_query($con,"SELECT email, pass2 FROM userAccount WHERE email='".$_POST['email']."'")or die(mysqli_error($con));
while($info = mysqli_fetch_array($check)){
if ($pass != $info['pass2']){
}else{
header("Location: http://www.littlepenguindesigns.co.uk/pages/CMX/pages/userAccount.php");
}
}
}
if (isset($_POST['submit'])) {
if(!$_POST['email'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
if(IsInjected($email)){
die('Bad email value!');
}
$check = mysqli_query($con,"SELECT * FROM userAccount WHERE email='".$_POST['email']."'")or die(mysqli_error($con));
$check2 = mysqli_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href="http://www.littlepenguindesigns.co.uk/pages/CMX/pages/registration.php">Register</a>');
}
while($info = mysqli_fetch_array($check)){
$_POST['pass'] = stripslashes($_POST['pass']);
$info['pass2'] = stripslashes($info['pass2']);
$_POST['pass'] = md5($_POST['pass']);
if($_POST['pass'] != $info['pass2']) {
die('Incorrect password, please <a href="http://www.littlepenguindesigns.co.uk/pages/CMX/pages/login.php">try again</a>.');
}else{
$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['email'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location: http://www.littlepenguindesigns.co.uk/pages/CMX/pages/userAccount.php");
}
}
}else{
header("Location: http://www.littlepenguindesigns.co.uk/pages/CMX/pages/login.php");
}
function IsInjected($str){
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)');
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)){
return true;
}else{
return false;
}
}
以及PHP文件中的登錄表單:
<form action="extras/loginProcess.php" method="post" name="login_form">
Email: <input type="text" name="email" /><br />
Password: <input type="password" name="pass" id="pass" /><br />
<input type="submit" name="submit" value="Sign in" />
</form>
最后是MyPHPAdmin中的TABLE:
CREATE TABLE `userAccount` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`firstName` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`surname` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`addressLine1` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
`addressLine2` varchar(30) COLLATE utf8_unicode_ci NOT NULL,
`county` varchar(20) COLLATE utf8_unicode_ci NOT NULL,
`country` varchar(20) COLLATE utf8_unicode_ci DEFAULT NULL,
`postCode` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
`email` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`email2` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
`pass` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
`pass2` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci AUTO_INCREMENT=5 ;
數據庫是正確的,我盡了最大的努力使此工作得以完成,並一直返回默認代碼,因為我知道默認代碼在大多數情況下都是安全的。
我已經嘗試過將pass2更改為pass(甚至將數據庫中的pass更改為password並在需要的地方進行配置,但同樣如此)。
如果有人可以幫助我,那就太好了,謝謝。
1 個解決方案
解決方案1
0 2013-12-06 02:30:20
好的,學習編寫自己的東西總是很不錯的..但是為什么不為此使用一些已有的平台,例如wordpress,drupal等具有內置登錄系統的平台呢?
您的代碼極易受到攻擊。 我可以在Cookie中寫入任何SQL,然后您將該變量添加到SQL查詢中($ email變量)。
MySQL/PHP: 如果表用戶為空,如何生成默認管理員帳戶
[英]MySQL/PHP: If the table user is empty, how to generate default admin account
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.