PseudoMega wrote:
I learned a lot by playing with this one:
http://www.phpfreaks.com/tutorials/65/0.php
....
$username = $_POST['username'];
....
$username = stripslashes($username);
....
$sql_username_check = mysql_query("SELECT username FROM users WHERE
username='$username'");
....
$username_check = mysql_num_rows($sql_username_check);
(pffff, ok, I know what to put there.... something along the lines of
$username="a' OR 1 = 1 LIMIT 1")
....
$username_check = mysql_num_rows($sql_username_check);
....
if(($email_check > 0) || ($username_check > 0)){...}
(shouldn't that be a == 1?)
....
$sql = mysql_query("INSERT INTO users (first_name, last_name,
email_address, username, password, info, signup_date, decrypted_password)
VALUES('$first_name', '$last_name', '$email_address', '$username',
'$db_password', '$info2', now(), '$random_password')") or die
(mysql_error());
Uhoh, there goes the database.... I can update another username with my own
custom password without trouble....
The whole tutorial is filled with it. I hope he says something in the end
about escaping (not stripslashes....), or this is a highly insecure login
indeed. I'm not going to read it all though. At least jpmaster was using
addslashes... A nice, yet cumbersome illustration of how one can use
member areas, which is a nice idea. A terrifying lack of safety though.
--
Rik Wasmus
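
Added example, not part of the post or of the tutorial it criticises: the same username/e-mail check and INSERT written with bound parameters and a hashed password, so the input quoted above is compared as a plain string. The in-memory SQLite database, the reduced table layout, the function names `is_taken` and `register`, and the sample values are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the tutorial's MySQL database (assumption),
// so the script runs offline. Table layout is constructed for this example.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    username TEXT PRIMARY KEY,
    email_address TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

// Returns true when the username or e-mail is already registered.
// The values are bound as parameters, never spliced into the SQL text.
function is_taken(PDO $pdo, string $username, string $email): bool
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM users WHERE username = :u OR email_address = :e'
    );
    $stmt->execute([':u' => $username, ':e' => $email]);
    return (int) $stmt->fetchColumn() > 0;
}

// Inserts a user, storing only a salted hash (no plaintext password column).
function register(PDO $pdo, string $username, string $email, string $password): bool
{
    if (is_taken($pdo, $username, $email)) {
        return false;
    }
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, email_address, password_hash)
         VALUES (:u, :e, :h)'
    );
    return $stmt->execute([
        ':u' => $username,
        ':e' => $email,
        ':h' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Constructed sample calls: a normal signup, the string from the post used
// as a username lookup, and a second signup with an already-taken username.
var_dump(register($pdo, 'alice', 'alice@example.test', 'constructed-password'));
var_dump(is_taken($pdo, "a' OR 1 = 1 LIMIT 1", 'nobody@example.test'));
var_dump(register($pdo, 'alice', 'other@example.test', 'constructed-password-2'));
```

The UNIQUE constraints back up the check, so two simultaneous signups for the same name cannot both succeed; the second INSERT raises a PDOException instead.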