Login issues

Hello All,

I am very new to the programming world.

I am trying to make a website for my friends' group, where we can log in and then chat or share our things. I have developed a registration system and a login system, and everything is working fine. The problem comes when a user logs in to the account.

When a user logs in, he is redirected to a verification page which says that if you are not the logged-in user, you must log out. Then two links come up: Logout and Proceed. Logout is working fine too, but if Proceed is pressed, the next page throws the user out. Below is my code on the verification page. I want to know what files need to be included at the end of new pages so that this shouldn't happen. On mypage.php, I am including the below PHP code again completely.

<!-- ******** verification.php ******** -->



<?php
include_once("php_includes/check_login_status.php");
// Initialize any variables that the page might echo
$u = "";
$sex = "Male";
$userlevel = "";
$country = "";
// Make sure the _GET username is set, and sanitize it
if(isset($_GET["u"])){
	$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
} else {
    header("location: http://www.mysite.com");
    exit();	
}
// Select the member from the users table
$sql = "SELECT * FROM users WHERE username='$u' ;
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows < 1){
	echo "That user does not exist , press back";
    exit();	
}
// Check to see if the viewer is the account owner
$isOwner = "no";
if($u == $log_username && $user_ok == true){
	$isOwner = "yes";
}
// Fetch the user row from the query above
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
	$profile_id = $row["id"];
	$gender = $row["gender"];
	$country = $row["country"];
	$userlevel = $row["userlevel"];
	if($gender == "f"){
		$sex = "Female";
	}
}
?>



<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title><?php echo $u; ?></title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="style/style.css">
<script src="js/main.js"></script>
<script src="js/ajax.js"></script>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
  <h3><?php echo $u; ?></h3>
  <p>Is the viewer the page owner, logged in and verified? <b><?php echo $isOwner; ?></b></p>
  <p>Gender: <?php echo $sex; ?></p>
  <p>Country: <?php echo $country; ?></p>
  <p>User Level: <?php echo $userlevel; ?></p>
</div>
<div ><h2>If you are not <b><?php echo $u; ?></b>,please logout the account immediately.</h2></div>
<div  ><a href="logout.php">Logout</a><div ><a href="mypage.php">Proceed</a></div></div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>


<!-- ******** check_login_status.php ******** -->

<?php
session_start();
include_once("db_conx.php");
// Files that include this file at the very top would NOT require
// connection to database or session_start(), be careful.
// Initialize some vars
$user_ok = false;
$log_id = "";
$log_username = "";
$log_password = "";
// User Verify function
function evalLoggedUser($conx,$id,$u,$p){
	$sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
    $query = mysqli_query($conx, $sql);
    $numrows = mysqli_num_rows($query);
	if($numrows > 0){
		return true;
	}
}
if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
	$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
	$log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
	$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
	// Verify the user
	$user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
} else if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
	$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
    $_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
    $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
	$log_id = $_SESSION['userid'];
	$log_username = $_SESSION['username'];
	$log_password = $_SESSION['password'];
	// Verify the user
	$user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
	if($user_ok == true){
		// Update their lastlogin datetime field
		$sql = "UPDATE users SET lastlogin=now() WHERE id='$log_id' LIMIT 1";
        $query = mysqli_query($db_conx, $sql);
	}
}
?>

So, precisely what happens when the user presses the ‘proceed’ link? Does it run through the verification code and throw the user out? If you add a series of ‘echo’ statements to trace through the code as it runs, does that give any clues?

You should be using prepared statements for your SQL queries as your code is currently vulnerable to SQL injection attack. Have a read of http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php for how to use prepared statements with the mysqli_* extension.

Also you might want to consider each user having a password (which should be stored in a hashed form in the database) as what’s to stop anyone from logging in as someone else, just by giving a valid username, even if it’s not their own?

Hello SpacePhoenix, please tell me what you find vulnerable to SQL injection attack in my code, so that I can work on it.

You’re using $conx in your evalLoggedUser() function and $db_conx for the others. Are you setting two different connection variables?

You really should switch to PDO and bind any input to the query.

You’re using $conx in your evalLoggedUser() function and $db_conx for the others. Are you setting two different connection variables?

Scratch that. My bad.

You are missing the closing quote on this line.

// Select the member from the users table
$sql = "SELECT * FROM users WHERE username='$u'";
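
The replies above recommend binding input with prepared statements (PDO) and storing passwords hashed. The following is an added example, not code from any poster in this thread. It assumes an in-memory SQLite database in place of the thread's MySQL connection so it runs offline; the function names `registerUser`, `findUser` and `login` are hypothetical, and the table and column names follow the queries in the original post.

```php
<?php
// Added example, not the thread's code. In-memory SQLite stands in for the
// MySQL database (assumption) so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE,
    password TEXT, activated INTEGER DEFAULT 0)");

// Registration: store only a hash of the password, never the password itself.
function registerUser(PDO $db, string $username, string $password): void {
    $stmt = $db->prepare(
        "INSERT INTO users (username, password, activated) VALUES (:u, :p, 1)");
    $stmt->execute([
        ':u' => $username,
        ':p' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Lookup: the username is bound as data, so quote characters in it
// cannot change the structure of the query.
function findUser(PDO $db, string $username): ?array {
    $stmt = $db->prepare(
        "SELECT id, username, password FROM users
         WHERE username = :u AND activated = 1 LIMIT 1");
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login: compare the submitted password with the stored hash.
// Returns the user id on success, null otherwise.
function login(PDO $db, string $username, string $password): ?int {
    $user = findUser($db, $username);
    if ($user === null || !password_verify($password, $user['password'])) {
        return null;
    }
    return (int) $user['id'];
}

// Constructed sample data.
registerUser($db, 'alice', 'correct horse battery staple');

var_dump(login($db, 'alice', 'correct horse battery staple')); // valid credentials
var_dump(login($db, 'alice', 'wrong password'));               // wrong password
var_dump(login($db, "alice' OR '1'='1", 'anything'));          // bound as a literal username
var_dump(findUser($db, "nobody' --"));                         // no such user
```

On a successful login, keeping only the returned id in `$_SESSION` avoids carrying the password in the session or in cookies, as check_login_status.php currently does.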