我刚刚发现了一个非常重大的漏洞,在我的代码,同时做一些测试,防止用户具有相同的用户名
基本上,如果我的用户名是“admin”和密码是说“12345” ... 和一个用户加入并选择了名称“Admin”和相同的密码“12345” 当他/她去登录他们将在我的帐户在网站上,你可以想像我已经创造了一个很大的缺陷,因为这会影响网站上的每个潜在用户。
所以,我的问题是我可以在此声明中更改哪些内容,以便检查是否存在确切的匹配。
WHERE login_name ='$user' AND user_password ='$pass' LIMIT 1";
继承人的login_process.php文件
<?php
require_once("includes/session.php");
$connection = mysql_connect("localhost", "user", "password");
if(!$connection)
{
die("Database connection failed: " . mysql_error());
}
$db_select = mysql_select_db("game", $connection);
if(!$db_select)
{
die("Database selection failed: " . mysql_error());
}
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
$pass = sha1($pass);
// Need to make a change to the below query, as it doesn't match for case sensitivity.
$query = "SELECT user_id, user_name, user_level FROM users WHERE login_name ='$user' AND user_password ='$pass' LIMIT 1";
$result=mysql_query($query);
if(mysql_num_rows($result) == 1)
{
$found_user = mysql_fetch_array($result);
$_SESSION['user_id'] = $found_user['user_id'];
$_SESSION['user_name'] = $found_user['user_name'];
$_SESSION['user_level'] = $found_user['user_level'];
header("Location: index.php");
}
else
{
echo "The username or password you entered was incorrect. <br/> Please click <a href='login.php'>Here</a> to try again.";
}
?>
因此,你想防止有人猜测你的密码? – Dani
不,密码不是问题(如果它实际上是12345,那就是!!),当查询被评估时,它将接受“Admin”作为用户名,当它与用户的“admin”比较时表。 – noscript
如果我理解正确,您希望查询区分大小写? http://dev.mysql.com/doc/refman/5.0/en/case-sensitivity.html – Harri