ewcreators
Aug 31 2007, 03:18 AM
CODE
require('connection2.php');
$select = mysql_query("SELECT * from `users` WHERE password='$_GET[password]'");
$co = mysql_num_rows($select);
if ($co = 1)
{
    session_start();
    $s = session_id();
    $_SESSION['access'] = "yes";
    $username = $_GET['username'];
    header("location:../main/index2.php?a=$_GET[username]&s=$s");
    //echo "<a href='../main/index2.php' > Proceed to Game</a>";
    //echo $s;
}

Now that is a bit of my script for my login script to authenticate and stuff. Recently my game went down because there was some error in this. So I kept on trying and it didn't work. Now I found out... wait, first let me tell you that over here users get registered for sessions, and if they aren't registered or are changing URLs, they get redirected to an error page. It always redirected to the error page, meaning sessions weren't being registered. So I changed the error page to my game's ingame page and it came there. With no luck, I was heading to bed when I mistakenly clicked a bookmarked link of the login file and saw that it said that I have to check the MySQL syntax near 'password='passwordentered'' at line one.
Reply
acantocephala
Aug 31 2007, 10:17 AM
Have you tried to write the MySQL sentence like this:
QUOTE
$select = mysql_query("SELECT * from users WHERE password='$_GET[password]'");
And how does the php file receive the password? Through a submission form? Because you can try '$_REQUEST[password]' instead of '$_GET[password]'.
Reply
ewcreators
Aug 31 2007, 11:49 AM
QUOTE(acantocephala @ Aug 31 2007, 06:17 AM)  Have you tried to write the MySQL sentence like this: and how does the php file receive the password? Through a submission form? Because you can try '$_REQUEST[password]' instead of '$_GET[password]'

I tried everything.. it doesn't work... it just takes me to my error page which
Reply
galexcd
Sep 5 2007, 04:40 PM
Well first of all, I'm pretty sure you're comparing in this if statement, not assigning:
CODE
if ($co = 1)
so you would need 2 equal signs (==). I'm not sure what more I can do because I do not know any more about the contents of connection2.php, or what error you're getting, but that might fix it. Also a note for after you get it fixed: you have a HUGE security hole in your code:
CODE
$select = mysql_query("SELECT * from `users` WHERE password='$_GET[password]'");
If someone were to enter this password: ' or 1=1 limit 1;-- they could get into any account they wanted to. I would have the password check for single quotes and escape them out, otherwise your login is open for some major SQL injection!
Reply
jlhaslip
Sep 5 2007, 05:51 PM
Another security issue is with sending passwords via the GET method. Better to use POST on the form and the receiving end; the password at least would not be visible if you use the POST method. Check the page that submits the info to see whether the GET or POST method is used on the submit form, too.
Reply
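An added example (not code from the thread or from the game) of how the login check posted above could be rewritten with the fixes the replies suggest: POST instead of GET, a prepared statement so the password is never spliced into the SQL text, a comparison instead of an assignment, and a hashed password. It assumes connection2.php creates a PDO instance `$pdo` and that the `users` table has `username` and `password_hash` columns.

```php
<?php
// Added example, not the original poster's code. Assumptions: connection2.php
// defines $pdo (a PDO connection), and `users` has the columns `username` and
// `password_hash`, the latter holding the output of password_hash().
require('connection2.php');

session_start();

// Read the credentials from POST, never from the query string, so they do not
// end up in the address bar, browser history, referer headers or access logs.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if ($username === '' || $password === '') {
    header('Location: ../main/error.php');
    exit;
}

// A prepared statement sends the SQL and the user-supplied value to the server
// separately, so quotes or SQL keywords typed into the password field are
// matched literally instead of changing the meaning of the query.
$stmt = $pdo->prepare('SELECT password_hash FROM `users` WHERE username = ?');
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// password_verify() checks the submitted password against the stored hash.
// Using === (a comparison) avoids the `if ($co = 1)` assignment mistake.
if ($row !== false && password_verify($password, $row['password_hash']) === true) {
    // Issue a fresh session id on login so an id obtained before
    // authentication cannot be reused afterwards.
    session_regenerate_id(true);
    $_SESSION['access']   = 'yes';
    $_SESSION['username'] = $username;
    // The session id travels in the cookie; it does not need to be in the URL.
    header('Location: ../main/index2.php');
    exit;
}

// Same response for an unknown user and a wrong password, so the login page
// does not reveal which usernames exist.
header('Location: ../main/error.php');
exit;
```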
galexcd
Sep 5 2007, 07:42 PM
Oh my god yes. I can't believe I didn't even see that. Sending the data through GET would be a terrible idea if you were to log in and somebody was watching the URL behind you. If your form is set to POST the data then that's where your problem is...
Reply
ewcreators
Sep 6 2007, 02:54 PM
QUOTE(alex7h3pr0gr4m3r @ Sep 5 2007, 03:42 PM)  Oh my god yes. I can't believe I didn't even see that. Sending the data through GET would be a terrible idea if you were to log in and somebody was watching the URL behind you. If your form is set to POST the data then that's where your problem is...

Even since it's a header page, I'll go with POST. And I know that is a huge security hole, I did that deliberately so that people could just log in as I didn't want to keep the game down too long. I'll try out == and also username=..... && password=.... I'll be sure to post results here. ~Aldo (P.S.: don't delete/lock this thread)
Reply
ewcreators
Sep 7 2007, 10:56 AM
Great, it works! Thanks a lot!
Reply
galexcd
Sep 7 2007, 04:08 PM
I hope you escaped out those single quotes out of your passwords! Perhaps after you post your website I'll try to see if it's still vulnerable by hax0ring it! Oh, and of course report to you what exploits I find... (or maybe not!) Haha.. Just kidding...
Reply
ewcreators
Sep 9 2007, 04:43 PM
QUOTE(alex7h3pr0gr4m3r @ Sep 7 2007, 12:08 PM)  I hope you escaped out those single quotes out of your passwords! Perhaps after you post your website I'll try to see if it's still vulnerable by hax0ring it! Oh, and of course report to you what exploits I find... (or maybe not!) Haha.. Just kidding...

http://revolutions.ifastnet.com It's still in its basic steps as I am trying to make it a proper game, so I have to make each and every page completely foolproof. Register and login
Reply