Hello Everyone,
I’m a beginner php-mysql programmer.
I have implemented a simple php-mysql web site using Kevin Yank's book and articles.
I think I have a little issue with security. My access script for the CMS part of my website is based on this article by Kevin: http://www.sitepoint.com/article/users-php-sessions-mysql . Everything is fine but I think the password in the session is stored in plain text. This is a security problem in my opinion, but maybe I’m wrong?
I have read this article: http://www.sitepoint.com/article/php-security-blunders/2 It talks about using the sha1 algorithm to solve my problem.
Here is my access script. I’d like someone to rewrite it with the sha1 algorithm because I really can’t figure out how to do it myself.
<?php // accesscontrol.php
session_start();
include_once 'db.php';
include_once 'common.php';
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
if(!isset($uid)) {
?>
<html>
<head>
<title>admin access</title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>authentication required</h1>
<p>you must be registered to access this part of the website</p>
<p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="22" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
dbConnect("****");
$sql = "SELECT * FROM user WHERE
userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\nIf this error persists, please '.
'contact *******.');
}
if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1>Access denied</h1>
<p>Sorry your info are incorrect please try again
<a href="<?=$_SERVER['PHP_SELF']?>">click here</a></p>
</body>
</html>
<?php
exit;
}
$username = mysql_result($result,0,'fullname');
?>
I am on a shared host (cpanel) with these specs:
Apache 1.3.37
PHP 4.4.3
Mysql 4.0.27
Also, all my access scripts are outside the Public_html folder.
I thank in advance anyone who would like to help me on this.
PS: Sorry for my English, I’m from French Canada
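
One way to keep the password out of the session on the stack described in the post (PHP 4.4.3 with the mysql_* functions), as an added example that is not the poster's or the article's code: the password is checked once against a salted sha1 hash and only the user id and name are kept in the session. The `salt` and `pwhash` columns and the `loginForm()` helper are assumptions; sha1 is used because it is what the post asks for, and on PHP 5.5 or later `password_hash()` and `password_verify()` take its place.

```php
<?php // accesscontrol.php (added example, not the original script)
session_start();
include_once 'db.php';     // the post's helper, provides dbConnect()
include_once 'common.php'; // the post's helper, provides error()

function loginForm($message) { // hypothetical helper: prints the form and stops
    $self = htmlspecialchars($_SERVER['PHP_SELF']); // escaped before output
    echo "<html><head><title>admin access</title></head><body>\n";
    echo "<h1>$message</h1>\n";
    echo "<form method=\"post\" action=\"$self\">\n";
    echo "User ID: <input type=\"text\" name=\"uid\" size=\"8\" /><br />\n";
    echo "Password: <input type=\"password\" name=\"pwd\" size=\"22\" /><br />\n";
    echo "<input type=\"submit\" value=\"Log in\" /></form></body></html>";
    exit;
}

if (!isset($_SESSION['uid'])) {           // not logged in yet
    if (!isset($_POST['uid'], $_POST['pwd'])
        || !is_string($_POST['uid']) || !is_string($_POST['pwd'])) {
        loginForm('authentication required');
    }
    $uid = $_POST['uid'];
    $pwd = $_POST['pwd'];
    if (get_magic_quotes_gpc()) {         // undo PHP 4 automatic escaping
        $uid = stripslashes($uid);
        $pwd = stripslashes($pwd);
    }
    dbConnect("****");                    // database name redacted, as in the post
    // Assumed columns: salt (random per user), pwhash = sha1(salt . password)
    $sql = "SELECT fullname, salt, pwhash FROM user WHERE userid = '" .
           mysql_real_escape_string($uid) . "'";
    $result = mysql_query($sql);
    if (!$result) {
        error('A database error occurred while checking your login details.');
    }
    $row = mysql_fetch_assoc($result);
    // Hash the submitted password the same way and compare with the stored hash
    if (!$row || sha1($row['salt'] . $pwd) !== $row['pwhash']) {
        loginForm('Access denied');
    }
    session_regenerate_id();              // new session id after login (PHP >= 4.3.2)
    $_SESSION['uid'] = $uid;              // the session keeps the user id and name,
    $_SESSION['fullname'] = $row['fullname']; // never the password
}
$username = $_SESSION['fullname'];
?>
```

Existing rows need a one-time migration: generate a salt per user and store `sha1(salt . password)` in place of the plain-text password column.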