Exploitable holes in login script

Submitted by: @import:stackexchange-codereview

Problem

This is my most recent login system I have been developing. It is working with Sessions. I want to know if I am doing well, if my code contains any serious exploits, and if my logic is correct.

This is the login class, handling everything related to users:

```
/**
 * UserHandler.class
 *
 * Handling login/logout and others
 *
 * @Author Jony
 **/

Class UserHandler
{
    /**
     * Properties
     **/

    protected $pdo;
    private $query;
    private $fetch;
    private $delete;
    private $update;
    private $check;
    private $insert;
    private $get;

    /**
     * Constructor
     *
     * Creating MySQL connection using PDO
     **/

    public function __construct($pdo)
    {
        $this->pdo = $pdo;
    }

    /**
     * Method login
     *
     * Logs the user in, securely.
     *
     * @param username The entered username
     * @param password The entered password
     * @param ip The computer's IP
     **/

    public function login($username, $password, $ip)
    {
        /* Checking if there are any attempts with that ip */

        $this->check = $this->pdo->prepare("SELECT * FROM login_attempts WHERE ip = :ip");
        $this->check->execute(array("ip" => $ip));

        /* Checking if there are any attempt histories with that ip */

        $this->get = $this->pdo->prepare("SELECT * FROM login_attempts_history WHERE ip = :ip");
        $this->get->execute(array("ip" => $ip));

        /* Fetching from login_attempts */

        $this->fetch = $this->check->fetch(PDO::FETCH_ASSOC);

        /* Fetching from login_attempts_history */

        $this->query = $this->get->fetch(PDO::FETCH_ASSOC);

        // If history attempts is more than 20, block user for 1 day.

        if ($this->query['attempts'] > 20)
        {
            $this->update = $this->pdo->prepare("UPDATE login_attempts_history SET blocked = 1 WHERE ip = :ip");
            $this->update->execute(array("ip" => $ip));
        }

        // If not blocked, process..
        if ($this->query['bloc
```

Solution

If I manually set a cookie in my browser with the name 'remember_me', then I am logged in because you are not doing any validation on the cookie to make sure it is a valid cookie and not a forged cookie.

Context

StackExchange Code Review Q#27510, answer score: 5
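
One way to validate the `remember_me` cookie so that a hand-set value is rejected, as an added example that is not part of the original post or answer. The table `remember_tokens`, its columns and both function names are assumptions; the cookie carries a random selector plus a random secret, and the server stores only the secret's hash.

```php
<?php
// Added example. Table, column and function names are hypothetical.

function issueRememberToken(PDO $pdo, int $userId, int $ttl = 1209600): string
{
    $selector  = bin2hex(random_bytes(9));   // lookup key, not secret
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $pdo->prepare("INSERT INTO remember_tokens (selector, validator_hash, user_id, expires)
                   VALUES (:s, :h, :u, :e)")
        ->execute(['s' => $selector, 'h' => hash('sha256', $validator),
                   'u' => $userId, 'e' => time() + $ttl]);
    return $selector . ':' . $validator;     // value to store in the remember_me cookie
}

// Returns the user id for a genuine, unexpired token, or null for anything else.
function validateRememberToken(PDO $pdo, string $cookie): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;                         // not in selector:validator form
    }
    $stmt = $pdo->prepare("SELECT validator_hash, user_id, expires
                           FROM remember_tokens WHERE selector = :s");
    $stmt->execute(['s' => $parts[0]]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires'] < time()) {
        return null;                         // unknown selector or expired token
    }
    // Constant-time comparison of the stored hash with the hash of the presented secret.
    if (!hash_equals($row['validator_hash'], hash('sha256', $parts[1]))) {
        return null;
    }
    // Single use: drop the row; the caller issues a fresh token after a successful login.
    $pdo->prepare("DELETE FROM remember_tokens WHERE selector = :s")->execute(['s' => $parts[0]]);
    return (int) $row['user_id'];
}

// Constructed demo data, run against an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE remember_tokens (selector TEXT PRIMARY KEY,
            validator_hash TEXT, user_id INTEGER, expires INTEGER)");
$cookie = issueRememberToken($pdo, 42);
$selector = explode(':', $cookie)[0];
var_dump(validateRememberToken($pdo, '1'));                                   // arbitrary value
var_dump(validateRememberToken($pdo, $selector . ':' . str_repeat('0', 64))); // guessed secret
var_dump(validateRememberToken($pdo, $cookie));                               // genuine token
var_dump(validateRememberToken($pdo, $cookie));                               // replayed token
```

When setting the cookie itself, the `HttpOnly` and `Secure` flags keep the token out of page scripts and off plain-HTTP connections.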