This tutorial was made by Allen-X; it is a sample of how weak security can be.
SQL injection is a common attack method now, so how do you prevent it? Quite simply: you can run mysql_real_escape_string on all your form input. Here is a quick example:
<?php
// Connection
$link = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
    OR die(mysql_error());
// Build the query; each %s is filled with an escaped value
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
    mysql_real_escape_string($user), // Escapes Special Characters
    mysql_real_escape_string($password)); // Escapes Special Characters
?>
What we do here is use mysql_real_escape_string. Why would I recommend this? It escapes special characters, and special characters are what get injected in SQL injection attacks.
I would also recommend using addslashes as prevention. Here is an example of addslashes:
<?php
$que = "Don't you dare";
echo addslashes($que);
?>
The output would be:
Don\'t you dare
So either one would be fine.
Now let's say you want to protect your database from exposure. Here is some sample code I wrote:
<?php
// $crypted_pass is the value stored in the database; passing it as the salt
// makes crypt() reuse the stored salt so the two results can match
$try_password = crypt(sha1($password), $crypted_pass); // Crypts the SHA1 of the user password
if ($crypted_pass == $try_password) { // If $crypted_pass equals $try_password then it's correct
    echo "Correct";
}
else { // Otherwise
    header('Location: /login.php');
}
?>
What that does is encrypt our password in the database as SHA1.
If the password is entered correctly, you get "Correct"; if it isn't, we use an else statement to redirect our user back to our login page.
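The login check from the escaping section and the password section above, redone with a parameterized query and PHP's password_hash()/password_verify(), as an added example that is not the tutorial author's code (the mysql_* functions used above were removed in PHP 7.0). The in-memory SQLite database, the table layout, the function names and the account are assumptions made for the demonstration.

```php
<?php
// Added example, not the tutorial author's code. Assumes PHP 5.5+ with the
// pdo_sqlite extension; the table, columns and account are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Registration: store a salted, deliberately slow hash, never the password
// itself or a bare SHA1 of it.
function register_user(PDO $pdo, $user, $password)
{
    $stmt = $pdo->prepare('INSERT INTO users (user, pass_hash) VALUES (:user, :hash)');
    $stmt->execute(array(
        ':user' => $user,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
    ));
}

// Login: the user name travels as a bound parameter, so quotes and other
// special characters in it are data and never become part of the SQL text.
function check_login(PDO $pdo, $user, $password)
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM users WHERE user = :user');
    $stmt->execute(array(':user' => $user));
    $hash = $stmt->fetchColumn(); // false when there is no such user

    // password_verify() re-derives the hash with the salt stored inside
    // $hash and compares the two in constant time.
    return $hash !== false && password_verify($password, $hash);
}

// Constructed account whose name contains a quote character.
register_user($pdo, "O'Brien", 'correct horse battery staple');

var_dump(check_login($pdo, "O'Brien", 'correct horse battery staple'));
var_dump(check_login($pdo, "O'Brien", 'wrong password'));
var_dump(check_login($pdo, 'nobody', 'anything'));
```

No escaping function is called anywhere: the query text is fixed at prepare() time and the values are sent separately.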
You can modify it, such as adding something like:
$ip = getenv("REMOTE_ADDR"); // Visitor's IP address
$log = "\n$ip";              // One IP per line
$fo = fopen("login", "a");   // Open the log file "login" for appending
if ($fo) {
    fwrite($fo, $log);
    fclose($fo);
}
else {
    die(); // Otherwise terminate
}
What that does is fopen and fwrite to our file to keep IP logs. Investigate the script so you get a better understanding.
It's also recommended you chmod the file to 777.
Another thing that may be important is to use session_cache_expire() and session_start(); this can be used to switch session IDs. Why may this be important? Mainly because someone can spoof a cookie and get into your account using your session ID; having it expire is one solution.
Here is something I wrote out:
<?php
// Sets the cache limiter to "private"
session_cache_limiter('private');
$cache_limiter = session_cache_limiter();
// Session cache expires after 20 (session_cache_expire() counts in minutes);
// the script sleeps for 11 secs and then creates the session
session_cache_expire(20);
$cache_expire = session_cache_expire();
sleep(11);
session_start();
// Redirects to whatever you want
header('Location: /index.php');
// Basically an exit() command
die();
?>
First, you need to change the target in the header() statement: /index.php may be the page you use, but if it isn't, switch it to what it is. After it redirects to your index, a new session is created.