
difficulty in login in one attempt

 
Punit Jain
Hello everyone, I created a login page, but I am facing some difficulties with it.
My login page is working, but only in two attempts. I mean when I try to log in, it's not logged in and gives me the login page again, but when I try to log in a second time with the same username and password, it's logged in/working.
Can anyone tell me the problem? Here is my code:

index.php




Page which appears after login:





core.inc.php



connect.inc.php

 
Devaka Cooray
Where is your login form located? Is it in index.php or in some other file?

Side note: Your code looks vulnerable to SQL injection.
 
Punit Jain
Yes, it's index.php. And why is it vulnerable to SQL injection? Can you explain, please?
 
Rob Spoor
If I post username ' OR '1'='1, your query becomes SELECT `id` FROM `users` WHERE `username`= '' OR '1' = '1' AND `password`= 'whatever here'. As a result (the OR taking precedence if I recall correctly), all records will be returned and I will definitely be able to log in. That's just a "harmless" use. With the right input you can delete records, or even drop entire tables. Use mysql_real_escape_string or casting to numbers on every single value you use in any query.
 
Punit Jain
Thank you for this explanation. As you said, I replaced the code like this:


<?php
include("connect.inc.php");

// Only process the form when both fields were submitted.
if (isset($_POST['username']) && isset($_POST['password']))
{
    // Escape both values before they are placed into the query string.
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    if (!empty($username) && !empty($password))
    {
        $query = "SELECT `id` FROM `users` WHERE `username`= '$username' AND `password`= '$password'";
        if ($query_run = mysql_query($query))
        {
            $num_row = mysql_num_rows($query_run);
            if ($num_row == 0)
            {
                echo 'Invalid username and password.';
            }
            else
            {
                // $_SESSION is only persisted if session_start() has been called earlier.
                $user_id = mysql_result($query_run, 0, 'id');
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                header("Location: loggedin.php");
                exit; // stop the script so nothing else runs after the redirect
            }
        }
        else
        {
            // The query itself failed; nothing is shown to the user in this case.
        }
    }
    else
    {
        echo 'fill username and password.';
    }
}
?>



Is it OK?
And please let me know if I should make any other updates to make my login page more secure.
Thank you.
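
A hardened form of the login check discussed in this thread, as an added example that is not any poster's code: it uses PDO prepared statements and password_hash()/password_verify() in place of the mysql_* functions, which were removed in PHP 7. The in-memory SQLite database, the sample user and the helper name check_login are assumptions made so the example runs on its own.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the thread's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Constructed sample user. Only a salted hash is stored, never the password itself.
$insert = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: returns the user's id on success, null otherwise.
 */
function check_login(PDO $db, string $username, string $password): ?int
{
    // The placeholder binds the value as data, so quotes in $username
    // can never change the structure of the query.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Same outcome for "unknown user" and "wrong password", so the
    // response does not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs: a valid login, a wrong password, and the username
// from Rob Spoor's post, which here is only a name that matches no row.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["' OR '1'='1", 'whatever here'],
];
foreach ($attempts as [$user, $pass]) {
    $id = check_login($db, $user, $pass);
    echo str_pad($user, 14), $id === null ? 'rejected' : "accepted (id $id)", PHP_EOL;
}

// In the real page, on success: call session_regenerate_id(true), store the id
// in $_SESSION, send header('Location: loggedin.php'), then exit.
```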
 