Insecure coding will grant anyone access as input is not escaped.

On Wed, Apr 24, 2013 at 3:00 PM, Zack Githinji <zachgithinji@gmail.com> wrote:
try this
-----------------------------------------------------------------

<?php
$portal=$_POST['portal'];
$u_id=$_POST['uname'];
$pwd=$_POST['upass'];
//my sql part
$host="localhost";
$dbuser="root";
$dbpass="";
//connect to the database (mysql_* functions, deprecated since PHP 5.5)
$conn= mysql_connect($host,$dbuser,$dbpass) or exit("Connection Error".mysql_error());
mysql_select_db('cars', $conn) or exit("Database not found");
//The Query: inside double quotes the variables interpolate directly;
//the stray dots in the original ended up inside the quoted values
$strSQL= "SELECT `u_name` from `users` where `u_name` = '$u_id' and `pass` = '$pwd' and `type` = '$portal'";
$result=mysql_query($strSQL, $conn) or exit("sql Error:".mysql_error());
//logic test
$numrows=mysql_num_rows($result);
//comparison (==), not assignment (=): an assignment is always true
if($numrows == 1)
{
    /*echo "success";
    echo "Name:".$u_id."<br>";*/
    //user access
    if ($portal == "user")
    {
        header("Location: upload.html");
        exit;
    }
    //dealer access
    elseif ($portal == "dealer")
    {
        header("Location: select.html");
        exit;
    }
    //administrator access
    elseif ($portal == "admin")
    {
        header("Location: login.html");
        exit;
    }
    else
    {
        echo "login error";
        return false;
    }
}
else
{
    echo "Login Failed";
    echo "<br><a href='#' onclick='window.history.back();'>Click Here</a>";
}
?>
-------------------------------------------------------


On Wed, Apr 24, 2013 at 2:59 PM, Kennedy Kairu Kariuki <kkairu@gmail.com> wrote:
True Peter. Also the other parts where you are doing comparison and not assignment.


On Wed, Apr 24, 2013 at 2:56 PM, Peter Karunyu <pkarunyu@gmail.com> wrote:
I suspect it's line 18 where you state thus:

if($numrows=1){

I reckon you wanted to say:

if($numrows == 1){


On Wed, Apr 24, 2013 at 2:46 PM, Victor Yegon <viktayeg@gmail.com> wrote:
How do you assign username an id??


On Wed, Apr 24, 2013 at 2:40 PM, Andrew Nduati <nduatiandrew@gmail.com> wrote:
Afternoon people, I urgently need someone to look at my code below and tell me why:
1. The wrong credentials allow one access.
2. Only the dealers page is opening even after selecting user or admin portals.
Looking forward to helpful feedback thanks.
THE CODE:
<?php
$portal=$_POST['portal']; 
$u_id=$_POST['uname'];
$pwd=$_POST['upass'];
//my sql part
$host="localhost";
$dbuser="root";
$dbpass="";
//connect to the database
$conn= mysql_connect($host,$dbuser,$dbpass) or exit("Connection Error".mysql_error());
mysql_select_db('cars') or exit("Database not found");
//The Query
$strSQL= "SELECT `u_name` from `users` where `u_name` = '.$u_id.' and `pass` = '.$pwd.' and `type` = '.$portal.'";   
$result=mysql_query($strSQL, $conn) or exit("sql Error:".mysql_error());
//logic test
$numrows=mysql_num_rows($result);
//error below here
if($numrows=1){
/*echo "success";
echo "Name:".$u_id."</br>";*/
 //user access
if ($portal="user"){
header("Location:upload.html");
}
else{
echo "login error";
return false;
}
//dealer access even with wrong credentials this is opened
if ($portal="dealer"){
header ("Location:select.html");
}
//administrator access
elseif ($portal="admin"){
header ("Location : login.html");
}
}
else{
echo" Login Failed";
echo "</br><a href='#' onclick='window.history.back();'>Click Here</a>";
}
?>

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Regards,

Yegon Victor | Web Specialist/Internet Consultant |




--
Regards,
Peter Karunyu
-------------------

--
Regards,
Zack K. Githinji
Technical Officer,

Cell:+254 722 649199
E-mail:zachgithinji@gmail.com

"God grant me the serenity to accept the things I cannot change, the
courage to change the things I can, and the wisdom to know the
difference."


--

Best Regards,
 _ _ ____ __ _ __ _ _ _
  Y  [__] | \| | \|  Y 
Email: yonnym@gmail.com
Skype: yonny4103
PGP Public Key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC31163AE5A98C30A

DISCLAIMER: The information contained in or accompanying this e-mail is intended for the use of the stated recipient only.
It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mis-transmission.If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender.You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.
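The two defects discussed in this thread (the `if($numrows=1)` assignment and the unescaped `$u_id`/`$pwd`/`$portal` concatenated into the query) can be reproduced outside PHP. The block below is an added example, not code from anyone in the thread: it rebuilds the thread's `users` query against an in-memory SQLite table with constructed sample accounts (`alice`, `bob`, `carol`), keeps the intended `== 1` row check, and shows that a quote in the username (`carol'--`, an assumed payload) still logs in with a wrong password, while the same check over a parameterised query does not. Passwords are compared in plaintext only because that is the thread's schema; a real system stores a password hash.

```python
import sqlite3

# Constructed sample accounts (not from the thread): one per portal type.
USERS = [
    ("alice", "s3cret", "user"),
    ("bob", "d34ler", "dealer"),
    ("carol", "adm1n", "admin"),
]

# Redirect target per portal, as in the thread's code.
PORTAL_PAGES = {"user": "upload.html", "dealer": "select.html", "admin": "login.html"}


def make_db():
    """In-memory stand-in for the thread's `cars` database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (u_name TEXT, pass TEXT, type TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def vulnerable_query(u_id, pwd, portal):
    """The thread's query as intended: raw POST values spliced into the SQL text."""
    return ("SELECT u_name FROM users WHERE u_name = '" + u_id
            + "' AND pass = '" + pwd + "' AND type = '" + portal + "'")


def login_vulnerable(conn, u_id, pwd, portal):
    """String-built query with the corrected `== 1` row check.

    Returns the redirect page on success, None on failure. The comparison bug is
    fixed here on purpose so that only the injection remains visible.
    """
    rows = conn.execute(vulnerable_query(u_id, pwd, portal)).fetchall()
    if len(rows) == 1:
        return PORTAL_PAGES.get(portal)
    return None


def login_hardened(conn, u_id, pwd, portal):
    """Parameterised query: the values are bound, never parsed as SQL syntax.

    The portal is also checked against the known set before the query runs, so
    an unexpected `type` value cannot reach the database at all.
    """
    if portal not in PORTAL_PAGES:
        return None
    rows = conn.execute(
        "SELECT u_name FROM users WHERE u_name = ? AND pass = ? AND type = ?",
        (u_id, pwd, portal),
    ).fetchall()
    if len(rows) == 1:
        return PORTAL_PAGES[portal]
    return None


if __name__ == "__main__":
    db = make_db()
    # Assumed attacker input: closes the quote and comments out the password check.
    payload = "carol'--"
    print("vulnerable:", login_vulnerable(db, payload, "wrong", "admin"))
    print("hardened:  ", login_hardened(db, payload, "wrong", "admin"))
```

With the payload the vulnerable query collapses to `SELECT u_name FROM users WHERE u_name = 'carol'` (SQLite and MySQL both treat `--` as a comment), so exactly one row comes back and the admin redirect is issued without a valid password. The `' OR '1'='1` form in the password field works the same way against this table because it has a single `admin` row; on a table with several, it would return more than one row and the `== 1` check would happen to reject it, which is why the fix is binding parameters, not tuning the row count.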