elo… i can’t seem to find any error in this form that i created… this form is a change password module… if u found any error pls tell… i really need help…
here is the form
[php]
| Old Password | |
| New Password | [?] |
| Repeat New Password | |
here is the query form
[php]
[/php]
help please!!
plaese tell us what it does/dosn’t do.
and use error_reporting(E_ALL) while developing.
i don’t wanna read through the hole script without these informations / debugging approach.
well ser… it doesnt store the newpassword… but it already checks if the oldpassword exists…
it returns “Account Successfully Modified!”?
the errors i found are:
[php]$sql = “SELECT Password FROM tbl_customer WHERE Password = md5(’$oldPassword’)”;[/php]
… is not checking whether the user has provided the right pasword, but it checks if any user in the db is having this password.
there is a big securety issue, using posted data in a mysql-statment, always use mysql_excape_string:
[php]$sql = ‘SELECT Password FROM tbl_customer WHERE Password = md5("’.mysql_escape_string($oldPassword).’") AND Username = “’.mysql_escape_string($user).’”’;[/php]
i guess the variable $Username is not set.
plz, plz plz use error_reporting(E_ALL) !!!
i found the error sir with a help of my friend! may i ask a question?? what’s mysql_escape_string?
i’ll post the new code so that some people will see…
[php]
<?php require_once 'library/config.php'; if(isset($_SESSION['login_user']) && $_SESSION['login_user'] == 'ok'){ $user = $_SESSION['login_name']; $id = $_SESSION['login_id']; $sql = "SELECT * FROM tbl_customer WHERE Username = '$user'"; $result = dbQuery($sql); $message = (isset($_GET['error']) && $_GET['error'] != '') ? $_GET['error'] : ''; ?>| Old Password | |
| New Password | |
| Repeat New Password |
and the 2nd form
[php]
[/php]
and sir if u found any glitches it would be greatly appreciated… just dont be harsh… m not runing this on the net all the past topic i post is a senior project of mine… i’m running this on localhost…
http://php.net/mysql_escape_string
it is escaping a string to be used for a mysql_query
lets guess i want to bypass ur sequrety:
i would enter this password: ') OR TRUE LIMIT ('1
the folowing happens:
[php]$_POST[‘txtOldPassword’]="’) OR TRUE LIMIT (‘1";
$oldPassword="’) OR true LIMIT ('1";
$sql = “SELECT Password FROM tbl_customer WHERE Password = md5(’$oldPassword’)”;
// that means:
$sql = “SELECT Password FROM tbl_customer WHERE Password = md5(’’) OR true LIMIT (‘1’)”;
//this will alway select one row. i was able to pass the paswordcheck without knowing the password[/php]
mysql_escape_string converts ') OR TRUE LIMIT ('1 to ') OR TRUE LIMIT ('1
the resuls would be:
[php]$sql = “SELECT Password FROM tbl_customer WHERE Password = md5(’’) OR true LIMIT (‘1’)”;[/php]
now there is no way of using mysql-injection (that’s how it is called to put some sqlcode in a html-field to make the query act the way the hacker wants it to act)
best is u just remember to write ur $sql lines that way:
[php]/* GOOD/SECURE: */
$sql = ‘SELECT * FROM table WHERE field="’ . mysql_escape_string($variable) . ‘"’;
/* BAD/NOT SECURE: */
$sql = “SELECT * FROM table WHERE field=’$variable’”;
[/php]
is a little bit more of typing, but it’s worth it.
about error_reporting(E_ALL);
just put it as the first line of php-code:
[php]<?
error_reporting(E_ALL);
require_once ‘library/config.php’;
$errorMessage = ‘’;
$user = $_POST[‘user’];
$oldPassword = $_POST[‘txtOldPassword’];
$newPassword = $_POST[‘txtNewPassword1’];
…[/php]
[php]<?php
error_reporting(E_ALL);
require_once ‘library/config.php’;
if(isset($_SESSION[‘login_user’]) && $_SESSION[‘login_user’] == ‘ok’){
$user = $_SESSION[‘login_name’];
$id = $_SESSION[‘login_id’];
…[/php]
that’s not to do u any harm, it’s just making u debuggin much easyer.
lets take the script u posted, if u had putted that simple line at it’s top it would have returned:
Notice: Undefined variable: Username in /var/www/whatever.php on line 36
and line 36 was:
so it would have been much easyer for u to see that u had to change $Username to $user
error_reporting(E_ALL) is a big help. and so easy to put in there.
it should be the first thing to do when creating a new php-file.
hope this explains what i meant, if not just ask again.