Sie sind auf Seite 1von 6

HACK ME -- PHP Login Form with ANTI SQL INJECTION Script.

>> DATABASE: CREATE TABLE IF NOT EXISTS `users` ( `username` varchar(50) COLLATE latin1_general_ci NOT NULL, `password` varchar(50) COLLATE latin1_general_ci NOT NULL, `full_name` varchar(100) COLLATE latin1_general_ci NOT NULL, `email` varchar(100) COLLATE latin1_general_ci NOT NULL, `phone` varchar(20) COLLATE latin1_general_ci NOT NULL, `level` varchar(20) COLLATE latin1_general_ci NOT NULL DEFAULT 'user', `block` enum('Y','N') COLLATE latin1_general_ci NOT NULL DEFAULT 'N', `id_session` varchar(100) COLLATE latin1_general_ci NOT NULL, PRIMARY KEY (`username`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci; >> SCRIPT: 1. public_html/login_form.php <form name="login" action="config/login_check.php" method="post"> <table> <tr><td>Username</td><td> : <input type="text" name="username"></td></tr> <tr><td>Password</td><td> : <input type="password" name="password"></td></tr> <tr><td colspan="2"><input type="submit" value="Login"></td></tr> </table> </form>

2. public_html/config/login_check.php

<?php include "conn.php"; //connection file function anti_injection($data){ $filter = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES)))); return $filter; } $username = anti_injection($_POST['username']); $pass = anti_injection(md5($_POST['password']));

//make sure the username and password are character or number. if (!ctype_alnum($username) OR !ctype_alnum($pass)){ echo "Bingo!! Now the login form is secure. No more SQL Injection."; } else{ $login=mysql_query("select * from users where username='$username' and password='$pass' and block='N'"); $found=mysql_num_rows($login); $r=mysql_fetch_array($login); //If found the username and password if ($found > 0){ session_start(); include "timeout.php"; $_SESSION[username] $_SESSION[fullname] $_SESSION[passuser] = $r[username]; = $r[full_name]; = $r[password];

$_SESSION[leveluser] // session timeout $_SESSION[login] = 1; timer(); $old_sid = session_id(); session_regenerate_id(); $new_sid = session_id();

= $r[level];

mysql_query("update users set id_session='$new_sid' where username='$username'"); header('location:../clientarea/index.php'); //page redirection, after success login } else{ echo "<center>LOGIN FAILED!!<br/> Wrong username or password.<br/> Or your account being blocked.<br/>"; echo "<a href=../index.php><b>Please repeat again.</b></a></center>"; } } ?> 3. public_html/config/timeout.php <?php session_start(); function timer(){ $time=10000; //set the timer $_SESSION[timeout]=time()+$time; } function login_check(){

$timeout=$_SESSION[timeout]; if(time()<$timeout){ timer(); return true; }else{ unset($_SESSION[timeout]); return false; } } ?>

4. public_html/config/logout.php <?php session_start(); session_destroy(); echo "<center>You have successfully exit the system.<b>[LOGOUT]</b></center>"; ?> 5. Add this script before "<html>" tag to the public_html/clientarea/ALLPAGES.PHP (all pages) <?php session_start(); error_reporting(0); include "../config/timeout.php"; if($_SESSION[login]==1){ if(!login_check()){ $_SESSION[login] = 0; }

} if($_SESSION[login]==0){ header('location:../config/logout.php'); } else{ if (empty($_SESSION['username']) AND empty($_SESSION['passuser']) AND $_SESSION['login']==0){ <center>To access this area, you have to login first!<br/>"; echo "<a href=../index.php><b>LOGIN</b></a></center>"; } else{ ?> <html> 6. And add this closing script after "</html>" tag to the public_html/clientarea/ALLPAGES.PHP (all pages) </html> <?php } } ?> <!--- FINISH --> If any mistakes, please remind me. ;-) I think need some explanatiion here. Mmm.. maybe next.. if I have a time, I will explain.. Just try it.. to test your "HACKING" skill, okay.. ;-p

Thanks.