[RESOLVED] Is this a secure method for session managment ?

Dev_M_nX

ok, there's 4 files

this is all quick and dirty

i havent included the MYsql_class.php
what im asking is about my session control, not how well i use the...
mysql_real_escape_string() function

but i have included the returns from the sql calls, so assesments can be made from these

the code is fully executable on a php compatible server, you can run it if you'de like to test ( i copy pasted this from my files right after testing, so there shouldn't be typo's )

( i've included a logoff button on successful login for convenience )

I would like as much constructive criticism as you can give me
I want this to be 100% secure (as far as known vulnarabilities go)

Any and all feedback is much appreciated,

P.S once again, this is all quick and dirty, so if it's not clear, ask me or re-read it 🙂

Thank you

...
...includes are attached with ".txt" extensions...
...rename to ".php" if you're going to read it in vim or another color-coding text editor...
...

it all starts in index.php here...

<?php

include( 'sess_control.php' );
include( 'MYsql_class.php' );
include( 'home.php' );
include( 'functions.php' );

$MYsql = new MYsql;

if ( isset($_SESSION['_ID']) && DB_test() )
{                                                                                                                                                            
    home();                                                                                                            
}                                                                                                                                             

else                                                                                                                                         
{                                                                                                                                                            
    ?>
    <html>
        <head><title>User Login</title></head>
        <body>                                                                                                                                                
            <div style="text-align:center;">
                <form method="POST" action="index.php">
                <table>
<tr>
<td>Username: </td><td><input name="user" type="text" value""></td>
</tr>
<tr>
<td>Password: </td><td><input name="passwd" type="password" value=""></td>
</tr>
<tr>
<td colspan=2><input type="submit" value="Login"></td>
</tr>
                    </table>
                    </form>
                </div>
            </body>
        </html>
        <?php
    }

?>

Thanx again...

Regards,
Dev_M!nX

Dev_M_nX

Sorry, i was in a hurry :/

the files are attached here

Thanks,

Shrike

Why do you call sha1() so many times?

Is there really any need to store

sha1( $username . sha1( $password ))

in the session?

$_SESSION['_ID'] = true;

would serve the same purpose.

The most common place for vulnerabilities will be in database access but since you don't want to talk about that, I won't either 🙂

Dev_M_nX

ok, not to burst the bubble, but there is a flaw in this...

$_SESSION['_ID'] = true;

and a nice one at that...

if host your own site from your own linux box and use the same name for your session id... '_ID'

then all you have to do is log onto your site first
this will store that session id... then you can open my sites page (with the same session ID)

my site will recognises the '_ID' variable as being true, and then you have full access to my site 🙂

not the best workaround, and i've tested it, its not pretty when its that easily accessible

thanx anyway tho, cause i thought of that one 2...

Regards,
Dev_M!nX

Dev_M_nX

Hi again,

I've just been informed of the PHPSESSID variable that is already doing what i intended
with the $SESSION['ID'] variable

so it seems i was re-inventing the wheel 🙁

oh well, same effectivity, thanks for the help anyways...

Regards,
Dev_M!nX

Shrike

Not so much reinventing the wheel as misunderstanding how the session module works? 🙂

Anything you write into the session using the $_SESSION superglobal gets written to the session itself, and is not used it any way to propogate the session (thats handled internally by the module).