malango
/
LRR
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Logging Users 

Password verification was being bypassed therefor on line 160 i modified the password verification to match the database
Bug460-Malango
CloudStarTreck 2020-03-16 20:26:17 +08:00
parent c8583e0631
commit 41aa01579c
2 changed files with 18 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Script.php
View File

@ -10,7 +10,7 @@
session_start(); session_start();
date_default_timezone_set('Asia/Shanghai'); date_default_timezone_set('Asia/Shanghai');
// CONNeCTION // CONNeCTION
$con=mysqli_connect("localhost","root","","lrr"); $con=mysqli_connect("localhost","Ashly","Teecloudy","lrr");
// Check connection // Check connection
if (mysqli_connect_errno()) if (mysqli_connect_errno())
{ {
@ -113,7 +113,7 @@ if (!empty($_POST["frm_signup_1"])) {
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
// check if email is taken // check if email is taked
$result = mysqli_query($con, $result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE email='$email'"); "SELECT * FROM Users_Table WHERE email='$email'");
if(mysqli_num_rows($result)!=0) if(mysqli_num_rows($result)!=0)
@ -122,7 +122,7 @@ if (!empty($_POST["frm_signup_1"])) {
header("Location: signup.php"); header("Location: signup.php");
return; return;
} }
//applying password_hash() (first_commit) //applying password_hash()
$password_hash = password_hash($password, PASSWORD_DEFAULT); $password_hash = password_hash($password, PASSWORD_DEFAULT);
$sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES " $sql= "INSERT INTO `users_table`(`Email`, `Password`, `Full_Name`, `UserType`, `Student_ID`, `Passport_Number`) VALUES "
. "('$email','$password_hash','$fullname','Student','$student_id','$passport')"; . "('$email','$password_hash','$fullname','Student','$student_id','$passport')";
@ -144,7 +144,7 @@ if (!empty($_POST["frm_login"])) {
$user=mysqli_real_escape_string($con,$_POST["user"]); $user=mysqli_real_escape_string($con,$_POST["user"]);
$password=mysqli_real_escape_string($con,$_POST["password"]); $password=mysqli_real_escape_string($con,$_POST["password"]);
// $hashed_password=hash('sha512', $password); Not necessary in the login // $hashed_password=hash('sha512', $password); Not necessary in the login
$result = mysqli_query($con, "SELECT * FROM users_table WHERE (Email='$user' or Student_ID='$user')"); $result = mysqli_query($con, "SELECT * FROM users_table WHERE (Email='$user')");
if(mysqli_num_rows($result)==0) if(mysqli_num_rows($result)==0)
{ {
$_SESSION["info_login"]="Inavlid login Information."; $_SESSION["info_login"]="Inavlid login Information.";
@ -157,7 +157,7 @@ header("Location: index.php");
{ {
while($row = mysqli_fetch_assoc($result)) { while($row = mysqli_fetch_assoc($result)) {
// verify the hashed password and unhashed password // verify the hashed password and unhashed password
if(password_verify($password, $row["Password"]) or ($password = $row["Password"])){ if(password_verify($password, $row["Password"]) or $password == $row["Password"]){
$_SESSION['user_id']=$row['User_ID']; $_SESSION['user_id']=$row['User_ID'];
$_SESSION['user_email']=$row['Email']; $_SESSION['user_email']=$row['Email'];
$_SESSION['user_student_id']=$row['Student_ID']; $_SESSION['user_student_id']=$row['Student_ID'];
@ -183,6 +183,13 @@ header("Location: index.php");
{ {
header("Location: Admin.php"); header("Location: Admin.php");
} }
// report wrong pass if not correct
}else{
$_SESSION["wrong_pass"]="Wrong Password.";
echo $_SESSION["wrong_pass"];
header("Location: index.php");
} }

5
index.php
View File

@ -49,6 +49,11 @@ if(isset($_SESSION['info_login'])) {
echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_login'].'</div>'; echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['info_login'].'</div>';
$_SESSION['info_login']=null; $_SESSION['info_login']=null;
} }
// wrong pass
if(isset($_SESSION['wrong_pass'])) {
echo '<hr><div class="alert alert-danger" role="alert">'.$_SESSION['wrong_pass'].'</div>';
$_SESSION['wrong_pass']=null;
}
?> ?>
</form> </form>