I have to make an application that can be SQL injected, but I can't make it possible to SQL inject. I tried everything to SQL inject it, but I didn't succeed. It's possible to write the username like admin'# because that comments out the line.
I hope you can help me. You see my code just underneath.
<?php
include('include/config.php');
include('parts/header.php');
$submit = $_POST['submit'];
$username = $_POST['username'];
$password = $_POST['password'];
if ($submit) {
if(!empty($username OR !empty($password))) {
$sqlQuery = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
if(mysql_num_rows($sqlQuery) == 1) {
// Success - admin'#
echo "LOGGEDIN";
$_SESSION['loggedin'] = 1;
}
else {
echo "Wrong password or username";
}
}
else {
echo "You didn't fill every field.";
}
}
?>
<div id="container">
<form action="login.php" method="POST">
<input type="text" name="username" placeholder="Type user name...">
<input type="password" name="password" placeholder="Type password...">
<input type="submit" name="submit" value="Log in">
</form>
</div>
<?php
include('include/config.php');
include('parts/header.php');
$submit = $_POST['submit'];
$username = (int)$_POST['username'];
$password =(int)$_POST['password'];
if ($submit) {
if(!empty($username OR !empty($password))) {
$sqlQuery="SELECT * FROM users WHERE user_login = '$username' AND password = '$password'";
//SELECT * FROM `wp_users` WHERE `user_login`='1' OR '1' = '1' AND `user_pass`='1' OR '1' = '1'
//$sqlQuery = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");
echo $sqlQuery;
exit;
if(mysql_num_rows($sqlQuery) == 1) {
// Success - admin'#
echo "LOGGEDIN";
$_SESSION['loggedin'] = 1;
} else {
echo "Wrong password or username";
}
} else {
echo "You didn't fill every field.";
}
}
?>
<div id="container">
<form method="POST">
<input type="text" name="username" placeholder="Indtast brugernavn..">
<input type="password" name="password" placeholder="Indtast kodeord..">
<input type="submit" name="submit" value="Log ind">
</form>
</div>
You Query output will be this and always true,
SELECT * FROM wp_users WHERE user_login = '7' AND user_pass = '7'
You can use the mysql_real_escape_string function to make a variable secure:
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
Related
if(isset($_POST['btnLogin']))
{
$username = $_POST['txtusername'];
$pass_word = $_POST['txtpassword'];
$hashed_password = crypt(sha1($pass_word));
$sqlQuery = "SELECT * from users WHERE username = :username AND password = :password" ;
$statement = $conn->prepare($sqlQuery);
$statement->execute(array(':username' =>$user , ':password'=>$hashed_password));
while($row->$statement->fetch())
{
$id = $row['id'];
$username = $row['username'];
$password = $row['password'];
if(strcmp('$password', '$hashed_password') == 0)
{
echo "<script type='text/javascript'>console.log("Sucess");</script>";
}
else
{
echo "<script type='text/javascript'>console.log("Failed");</script>";
}
}
}
In here I am implementing the Sign in a page using PHP PDO codes.
I have no previous experience in using PHP PDO.I do the Sign up page without any errors but unfortunately program is not execute after
while($row->$statement->fetch())
here are the HTML codes
<section>
<div class="container">
<div class="login-form">
<h1>Sign In</h1>
<form id="login-form" method="post" action="">
<div class="form-group">
<input type="text" name="txtusername" placeholder="Username" data-validation="required">
</div>
<div>
<input type="password" name="txtpassword" placeholder="Password" data-validation="required">
</div>
<input type="submit" name="btnLogin" value="Login">
</form>
</div>
</div>
</section>
PHP VERSION : 5.3.8
Please give any suggestion to me for solve it
Try the below. If it doesn't work, wrap your query in this and turn error reporting on.
if(isset($_POST['btnLogin']))
{
$username = $_POST['txtusername'];
$pass_word = $_POST['txtpassword'];
$hashed_password = crypt(sha1($pass_word));
$sqlQuery = "SELECT * from users WHERE username = :username AND password = :password" ;
$statement = $conn->prepare($sqlQuery);
$statement->execute(array(':username' =>$user , ':password'=>$hashed_password));
while($row = $statement->fetch_object())
{
$id = $row->id;
$username = $row->username;
$password = $row->password;
if(strcmp('$password', '$hashed_password') == 0)
{
echo '<script type="text/javascript">console.log("Success");</script>';
}
else
{
echo '<script type="text/javascript">console.log("Failed");</script>';
}
}
}
I want to create login page. First, I get username and password from login.html and send them to login.php to check its available or not. But it always give errors and I cannot solve that
Login.html
<form action="login.php" method="post">
<div class="containerLogin">
<label><b>Username</b></label>
<input type="text" placeholder="Enter Username"name="username" required>
<label><b>Password</b></label>
<input type="password" placeholder="Enter Password" name="password" required>
</div>
<div class="containerLogin" style="background-color:#f1f1f1">
<input type="submit" name="submit" value="submit" class="btn btn-primary">
<span class="password">Forgot password?</span>
</div>
</form>
login.php
<?php
include_once "connection.php";
if (isset($_POST['submit'])) {
session_start();
if($_POST['username'] && $_POST['password']) {
$username = $_POST['username'];
$password = $_POST['password'];
$query = mysqli_query("SELECT * FROM studenttable WHERE username='$username' and password='$password'");
$res = mysqli_query($con, $query);
$count_user = mysqli_num_rows($res);
if($count_user==1)
{
$row = mysqli_fetch_array($res);
$_SESSION['username'] = $row['username'];
$_SESSION['password'] = $row['password'];
header("location:dashboard.php?success=1");
}else{
$error = 'Incorrect Username, Password and Branch.';
}
}
}
?>
ERRORS
login.php
The $query variable should not be a mysqli_query, but a string, since you can't pass a query as a parameter to another query. Replace that line (24) with this:
$query = "SELECT * FROM studenttable WHERE username='$username' and password='$password'";
The PHP script supposed to receive two variables : username and password but it doesn't do that and it always "echo" : "missing input".
I tried to echo the two variables but nothing was echoed, which i think means that they are not initialized.
This is the script:
require_once ('connect.php');
$username= $_POST['username'];
$password= $_POST['password'];
if(isset($_POST['username']) && isset($_POST['password'])) {
if(!empty($username) && !empty($password)) {
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if(mysqli_query($con,$query)) {
echo "Welcome";
mysqli_close($con);
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
else {
echo "missing input";
}
I tried sending the post data using Postman and via HTML page but both returned the same thing: "missing input"
This is the HTML i used
<form action="mlog.php" method="post">
<input type="textbox" name="username" value="username" />
<input type="textbox" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
its <input type="text">
<form action="mlog.php" method="post">
<input type="text" name="username" value="username" />
<input type="text" name="password" value="password" />
<input type="submit" name="login" value="submit" />
</form>
Check if the login button was clicked, then check if the username and password are not empty then assign the vars to them if not.
<?php
if(!empty($_POST['username']) && !empty($_POST['password'])) {
$username= $_POST['username'];
$password= $_POST['password'];
$query = "Select * from merchant where username='$username' and password = '$password' ";
$r = mysqli_query($con, $query);
if($r) {
echo "Welcome";
//redirect
}
else {
echo "Wrong password or username";
mysqli_close($con);
}
}
else {
echo "you must type both inputs";
}
}
?>
<html>
<div class="panel-body">
<form method="post" action="index.php">
<div class="form-group">
<input class="form-control" placeholder="username" name="username" type="text" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="password" name="password" type="password" value="">
</div>
<input type='submit' name="submit" value='Login'>
</form>
<?php
if(isset($_POST['submit']))
{
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
if($username && $password)
{
$query = mysql_query("SELECT Name, Password FROM users WHERE Name = '$username' LIMIT 1");
if(mysql_num_rows($query) == 1)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Name'];
$dbpassword = $row['Password'];
}
$somename = hash( 'whirlpool', $password);
$somename = strtoupper($somename);
if($username == $dbusername && $somename == $dbpassword)
{
$_SESSION['username'] = $dbusername;
header('location: /pcp/home.php');
}
else $error = "Wrong password!";
}
else $error = "Username doesn't exist!";
}
else $error = "Type name and password!";
}
?>
</div>
</html>
When I submit the button with correct password and user, it doesn't go to home.php but when I reload, it goes.
It's using bootstrap, is this the reason why? If so or not, could you help me fix it.
If you want to add your php code together with form elements, you need to write
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" >
or not. Simply separate form page & php page.
It means that
index.php
<html>
<div class="panel-body">
<form method="post" action="check.php">
<div class="form-group">
<input class="form-control" placeholder="username" name="username" type="text" autofocus>
</div>
<div class="form-group">
<input class="form-control" placeholder="password" name="password" type="password" value="">
</div>
<input type='submit' name="submit" value='Login'>
</form>
</div>
</html>
ckeck.php
<?php
if(isset($_POST['submit']))
{
$username = sanitize($_POST['username']);
$password = sanitize($_POST['password']);
if($username && $password)
{
$query = mysql_query("SELECT Name, Password FROM users WHERE Name = '$username' LIMIT 1");
if(mysql_num_rows($query) == 1)
{
while($row = mysql_fetch_assoc($query))
{
$dbusername = $row['Name'];
$dbpassword = $row['Password'];
}
$somename = hash( 'whirlpool', $password);
$somename = strtoupper($somename);
if($username == $dbusername && $somename == $dbpassword)
{
$_SESSION['username'] = $dbusername;
header('location: /pcp/home.php');
}
else $error = "Wrong password!";
}
else $error = "Username doesn't exist!";
}
else $error = "Type name and password!";
}
?>
Hello I am having some issue here i created a script to update users account details but when the form is filled in and submit button clicked no errors come up but at the same time no changes are made in the table
THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEEP BASIC
<?php
session_start();
include('connect_mysql.php');
if(isset($_POST['update']))
{
$usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
$passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
$first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
$last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
$emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));
$user_id = $_SESSION['user_id'];
$editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");
if(!$editQuery)
{
echo mysql_error($editQuery);
die($editQuery);
}
}
?>
<html>
<head>
<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>
<article>
<h1>Welcome</h1>
<h1>Edit Account</h1>
<div id="login">
<ul id="login">
<form method="post" name="editAccount" action="userEditAccount.php" >
<fieldset>
<legend>Fill in the form</legend>
<label>Select Username : <input type="text" name="username" /></label>
<label>Password : <input type="password" name="password" /></label>
<label>Enter First Name : <input type="text" name="first_name" /></label>
<label>Enter Last Name : <input type="text" name="last_name" /></label>
<label>Enter E-mail Address: <input type="text" name="email" /></label>
</fieldset>
<br />
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
</form>
</div>
<form action="userhome.php" method="post">
<div id="login">
<ul id="login">
<li>
<input type="submit" value="back" onclick="index.php" class="button">
</li>
</ul>
</div>
</article>
<aside>
</aside>
<div id="footer">Text</div>
</div>
</body>
</html>
SOrry for some reason the I forgotten to copy this part faceslap
login.php:
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>
You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.
Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.
Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?
Last but not least, personally I would replace this:
<input name="update" type="submit" submit="submit" value="Edit Account" class="button">
with this:
<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">
At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.
Sir from the code given above i think you have error in your login.php
$_SESSION['user_id'] = $user_id;
You are not assigning value to $user_id that why it is setting blank value to $_SESSION['user_id'].
<?php
session_start();
require('connect_mysql.php');
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$username = $_POST["username"];
$password = $_POST["password"];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
$numrow = mysql_num_rows($query);
if($username && $password){
$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrow = mysql_num_rows($query);
if($numrow !=0){
$user_id = 0;
while($row = mysql_fetch_assoc($query)){
$dbusername = $row['username'];
$dbpassword = $row['password'];
$user_id = $row['user_id'];
}
if($username == $dbusername && $password == $dbpassword ){
$_SESSION['user_id'] = $user_id;
header("Location: userhome.php");
}
else{
echo "Incorect password";
}
}
else{
die("This user dosent exists");
}
}
else{
$reg = die("Please enter username and password");
}
}
?>