I am using MacOSx and apache sever on XAMPP
Here is the link to my file - http://localhost:8080/logi/index.php and if I write sqlmap -u http://localhost:8080/logi/index.php?id=1 This error appear: [CRITICAL] all tested parameters do not appear to be injectable.
I want to check my login form for vulnerabilities but I don't understand which parameters I should write, which id or maybe I have to use --data?
Here is my code:
<?php
SESSION_START();
require ('connect.php');
//This is the validation for the login
if(isset($_POST['login'])){
$sql="SELECT * FROM members WHERE email=? AND password=?";
$ss=mysqli_prepare($connect,$sql);
$ss->bind_param("ss",$eu,$pe);
$eu=$_POST['email'];
$pe=$_POST['password'];
$ss->execute();
if(!empty($eu) && !empty($pe) && $ss->fetch()>0){
$_SESSION['email']=$_POST['email'];
header('Location:welcome.php');
}
if(empty($eu)){
$eerr="Did you forget your email?";
}elseif(empty($pe)){
$pwerr="Password required";
}elseif($ss->fetch()!==1){
$eerr="That account do not exist";
}
}
//This is the validation for registration
if(isset($_POST['register'])){
$sql="SELECT * FROM members WHERE email=?";
$sss=mysqli_prepare($connect,$sql);
$sss->bind_param("s",$e);
$e=$_POST['remail'];
$pw=$_POST['rpassword'];
$sss->execute();
if(!empty($e) && !empty($pw) && $sss->fetch()<1 && filter_var($e, FILTER_VALIDATE_EMAIL)){
$sql="INSERT INTO members (email,password)VALUES(?,?)";
$sss=mysqli_prepare($connect,$sql);
$sss->bind_param("s",$e);
$pq=$_POST['rpassword'];
$sss->execute();
echo"You have signed up!";
}
if(empty($e)){
$emailerr="Please provide your email adress!";
}elseif(empty($pw)){
$passworderr="Choose a password";
}elseif($sss->fetch()>0){
$emailerr="That account exist";
}elseif(!filter_var($e, FILTER_VALIDATE_EMAIL)){
$emailerr="Invalid email";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Login and Registration</title>
<style>
span{
color:red;
}
</style>
</head>
<body>
Login
<form action="" method="POST">
<input type="text" name="email" placeholder="Email"/><span><?php echo $eerr;?><span><br>
<input type="password" name="password" placeholder="Password"/><span><?php echo $pwerr;?></span><br>
<input type="submit" name="login" value="Login"/>
</form>
<br><br>
Register
<form action="" method="POST">
<input type="text" name="remail" placeholder="Email"><span>*<?php echo $emailerr;?></span><br>
<input type="password" name="rpassword" placeholder="Password"><span>*<?php echo $passworderr;?><span><br>
<input type="submit" name="register" value="Register"/>
</form>
</body>
</html
Related
When I run the below code, it clears the form and keeps me on the same page. I am wanting it to, on successful login, re-direct to home.php
I think there is a problem with my
header()
I've tried various different things here and have also read that the Location must be a http address, if this is the case, how do i make it point to home.php which sits in my root directory. Any ideas? also any other comments on the code would be appreciated.
<?php include_once("scripts/global.php");
$message='';
if(isset($_POST['email'])){
$email=$_POST['email'];
$pass=$_POST['pass'];
$remember=$_POST['remember'];
// error handling
if( (!$email) || (!$pass)){
$message = 'Please enter both fields';
}else{
//secure the data
$email=mysqli_real_escape_string($link, $email);
$pass=sha1($pass);
$query=mysqli_query($link, "SELECT * FROM Members WHERE email='{$email}' AND password='{$pass}' LIMIT 1") or die(mysql_error($link));
$count_query=mysqli_num_rows($query);
if($count_query == 0){
$message='The information you entered was incorrect';
}else{
// start the sessions
$_SESSION['pass'] = $pass;
while($row=mysqli_fetch_array($link, $query)){
$username=$row['username'];
$id=$row['id'];
}
$_SESSION['username']=$username;
$_SESSION['id']=$id;
if($remember == "yes"){
// create the cookies
setcookie("id_cookie", $id, time()+60*60*24*100, "/");
setcookie("pass_cookie", $pass, time()+60*60*24*100, "/");
}
header('Location: ./home.php');
}
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Login to Sweet Chain Fantasy 2022</title>
<link href="css/global.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div class="container center">
<h1>Login to Sweet Chain Fantasy 2022</h1>
<p><?php echo("$message"); ?></p>
<form action="login.php" method="post">
<input type="text" name="email" placeholder="Email Address" /><br /><br />
<input type="password" name="pass" placeholder="Password" /><br /><br />
<input type="checkbox" name="remember" value="yes" checked="checked" />Remember me?<br /><br />
<input type="submit" name="Login" />
</form>
</div>
</body>
</html>
As the #tadman told you in comments, you really shouldn't build auth system for a production if you absolutely don't need to.
If, however, you are doing this for experimenting and learning then unless you have a custom server config, chances are that this will work for you
//relative link
header('Location: /home.php');
or this
//absolute link
header('Location: http://' . $_SERVER['SERVER_NAME'] . '/home.php');
So I am trying to run this php file which should act as a login for users. Everytime I try to run it the browser says something like "localhost is currently unable to handle this request." I don't know what to do can anyone help me? Even running simple statements are coming back wit this error.
<?php
$host="localhost";
$user="root";
$password=" ";
$db="storm";
mysql_connect($host, $user, $password);
mysql_select_db($db);
if(isset($_POST['username'])){
$uname=$_POST['username'];
$password=$_POST['password'];
$sql="select * from user where username='".$uname."'AND
password='".$password."' limit 1";
$result=mysql_query($sql);
if(mysql_num_rows($result)==1){
echo "you have logged in";
exit();
}
else{
echo"nice try";
}
?>
<!DOCTYPE html>
<html>
<head>
<title> Login</title>
</head>
<body>
<div class="container">
<form>
<div class="form-input">
<input type="text" name="username" placeholder="Enter the User
Name"/>
</div>
<div class="form-input">
<input type="password" name="password" placeholder="password"/>
</div>
<input type="submit" type="submit" value="LOGIN" class="btn-login"/>
</form>
</div>
</body>
</html>
The code you provided is missing one bracket at the end.
if(isset($_POST['username'])){ <--
...
if(mysql_num_rows($result)==1){
echo "you have logged in";
exit();
}
else{
echo"nice try";
}
} <--
I wrote a simple login page that is connected to a mySQL database. But even when I try to put in the correct login information, it still returns the "Incorrect username or password" error. I can't figure out if there is something wrong with my code itself, or my database. Any help would be greatly appreciated!
My database looks like this: https://gyazo.com/da06e276d981a35a3e2f01f5ec17f27b
I currently have 2 entries in that database for testing: https://gyazo.com/04a52dde61e77e0cbc2f90b78b3f40a9
My index.php code is as follows
<?php
include('login.php'); // Include Login Script
if ((isset($_SESSION['username']) != ''))
{
header('Location: home.php');
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP Login Form with Session</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<h1>PHP Login Form with Session</h1>
<div class="loginBox">
<h3>Login Form</h3>
<br><br>
<form method="post" action="">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>
<div class="error"><?php echo $error;?></div>
</div>
</body>
</html>
My login.php code is as follows:
<?php
session_start();
include("connection.php"); //Establishing connection with our database
$error = ""; //Variable for storing our errors.
if(isset($_POST["submit"]))
{
if(empty($_POST["username"]) || empty($_POST["password"]))
{
$error = "Both fields are required.";
}else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
//Check username and password from database
$sql="SELECT uid FROM users WHERE username='$username' and password='$password'";
$result=mysqli_query($db,$sql);
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
//If username and password exist in our database then create a session.
//Otherwise echo error.
if(mysqli_num_rows($result) == 1)
{
$_SESSION['username'] = $login_user; // Initializing Session
header("location: home.php"); // Redirecting To Other Page
}else
{
$error = "Incorrect username or password.";
}
}
}
?>
1- Saving in plain text is a NO.
2- As far as i can see you are comparing a plain text password with its md5.
You have also defined the same variable more than once, with different values, sth ive never seen before.
Well, I don't see where $login_user is assigned a value in your code in login.php page.
Try
$_SESSION['username'] = $username;
Also replace this with what you have at the top of your index.php page.
<?php
include('login.php'); // Include Login Script
if (isset($_SESSION['username'])){
header('Location: home.php');
}
else{}
?>
First of since you have your login script on another file in your project directory, shouldn't you specify the location to the script on your login form? Just like this
<form method="post" action="login.php">
<label>Username:</label><br>
<input type="text" name="username" placeholder="username" /><br><br>
<label>Password:</label><br>
<input type="password" name="password" placeholder="password" /> <br><br>
<input type="submit" name="submit" value="Login" />
</form>
i don't know what is wrong with my code when there is no members page the log in redirect me to the members page address with 404 error that isn't the problem , it redirect me to login page when i log in when i write this code in members page.
<?php
session_start();
if(!isset($_SESSION['user_level'])or ($_SESSION['user_level'] != 0)){
header('location: login.php');
exit();
}?>
<!DOCTYPE html>
<html>
<head>
<title>
Admin page
</title>
<style>
table{text-align: center;}
</style>
</head>
<body>
<?php
if($_SESSION['fname']){
echo 'welcome to admin page '. $_SESSION['fname'] . "<br>";
}
?>
<input type="button" value="Log Out" onclick="window.location=' logoutt.php '">
</body>
</html>
login page code
<?php
if($_SERVER['REQUEST_METHOD']=='POST'){
$dbcon=mysqli_connect('localhost','mahmud91','password','postaldb')or die('Couldn\'t connect to database'.mysqli_error($dbcon));
if(!empty(trim($_POST['email']))){
$email=mysqli_real_escape_string($dbcon,trim($_POST['email']));
}else{
$email=false;
}
if(!empty(trim($_POST['psword']))){
$psword=mysqli_real_escape_string($dbcon,trim($_POST['psword']));
}else{
$psword=false;
}if($email && $psword){
$query="SELECT fname,user_id,user_level FROM users WHERE (email='$email' AND psword=SHA1('$psword'))";
$result=mysqli_query($dbcon,$query);
if(#mysqli_num_rows($result)==1){
$_SESSION=mysqli_fetch_array($result,MYSQLI_ASSOC);
$_SESSION['user_level']=(int)$_SESSION['user_level'];
$url=($_SESSION['user_level']===1) ? "adminnpage.php" : "memberrpage.php";
header('location: '.$url);
}else{
echo "Sorry no match was found to email or password";
}
}else{
echo" Please try again";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>
Log In
</title>
</head>
<body>
<form action="/newfolder/login.php" method="post">
<p>
<label for="email">Email: </label>
<input type="text" name="email" id="email" >
</p>
<p>
<label for="psword">Password: </label>
<input type="password" name="psword" id="psword">
</p>
<p>
<input type="submit" name="submit" value="Log In">
</p>
<p>
<input type="button" value="Register" onclick="window.location='/newfolder/registerpage.php'">
</p>
</body>
</html>
You forgot to start session at the top of login page just after php tag
session_start();
I am creating and application with PHP and MySQL.
I have created two pages. Index.php and login.php (which holds the script for the user log in)
Every time I enter a user that is on the database to log in, it does return that there was no text entered.
I am new at this and I will really appreciate some help.
Here is my code.
Thanks in advance
index.php
<html>
<head>
<meta charset="UTF-8">
<title>Pet Service Catalogue</title>
</head>
<body>
<h1 style="text-align:center;"><img src="cat's paw.jpg" width="150" height="150" alt="cat's paw"/> Welcome to Pet Service Catalogue</h1>
<p style="text-align:center;">Please enter your Log in Details:</p>
<form style ="text-align:center;" name="LogIN" action="log_in.php" method="POST" enctype="multipart/form-data">
<p style="text-align:center;"> Email: <input type="text" name="user_email" value=""/></p>
<p style="text-align:center;"> Password: <input type="password" name="user_password" value="" /></p>
<input type="submit" value="Log In" name="LogIN" />
</form>
<form style="text-align:center;" name="registerprovider" action="registerprovider.php">
<p style="text-align:center;">Not Registered?:</p>
<input type="submit" value="Register Service Provider" name="Register Service Provider" />
</form>
<form style="text-align:center;" name="registerowner" action="registerowner.php">
<input type="submit" value="Register Pet Owner" name="Registerownerbutton" />
</form>
</body>
</html>
login.php
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<?php
// Create connection
$con = mysqli_connect('localhost', 'root', 'root', 'PetServiceCatalogue') or die("Failed to connect to database:" . mysqli_error($con));
//Get user details and put them on varaiables
$user_email = mysqli_real_escape_string($_POST['user_email']);
$user_password = mysqli_real_escape_string($POST['user_password']);
if (!empty($user_email) && !empty($user_password))
{
//look up for user details on the database
$query = "SELECT * FROM owner, provider WHERE email = '$user_email' AND password = SHA('$user_password') ";
$data = mysqli_query($con, $query);
$result = mysqli_num_rows($data);
printf("Number of rows %d \n", $result);
if ($result == 1) {
//The log in has found the user
$row = mysqli_fetch_array($data);
$user_email = $row('email');
$user_password = $row('password');
header("location: ownerhomepage.php");
} else {
//the user name or password are incorrect
echo "Wrong user email and password";
}
}
else
{
echo ' You must enter the user email and user password';
?>
<form name="back to index" action="index.php">
<input type="submit" value="Back to Log in page" name="Back to Log in page" /> </form>
<?php
}
mysqli_close($con);
?>
</body>
</html>
You have the action: action="log_in.php"but you've written its name is login.php
EDIT
Maybe you should try this as the first if statement:
if (trim($user_email)!="" && $user_password!=""){
//YOUR CODE
}