

PHP MD5 Secure login script. - neinsun
http://www.firstamong.com/php-secure-login-script/

======
infinity
In the verifier.php I see a problem here:

    
    
        $uid=$_COOKIE['uid'];
        $uname=$_COOKIE['uname'];
        $sql="SELECT * FROM users WHERE username='$uname'";
    
    

The $uname is set from the value of 'uname' in the $_COOKIE array, but I see
no input validation here.

If I were an evil attacker, I could send arbitrary cookie data to the server,
it would end up in the $_COOKIE superglobal. If I include some SQL code, ...
All input is evil!

Later, in the welcome.php the $_COOKIE['uname'] is echoed without any escapes.

~~~
maratd
> I see a problem here:

No, that's not a problem. It's a disaster. Whoever wrote that should be shot.
If you're going to stick things from a cookie into your database, at least
have enough brains to use a prepared statement.

------
gregjor
Use mysql_real_escape_string() instead of addslashes(). And the cookie
contents can't be trusted. The usual way to do this is with a server-side
session, but if a cookie is used the user id and name have to be protected;
MD5 can be used to do that, too.

------
soho33
why are you adding slashes to the password before converting it into md5? even
if they have ' in the password the md5 would get rid of it when you use it in
the query.

------
bornonthebull
Please add some salt to your password.

------
adamjleonard
DO NOT USE THIS CODE !

