Re: [PHP-DB] Re: Beginners Problem

Sat, 12 Jan 2008 08:13:10 -0800 

Could I recommend a more secure approach:
1) using two hashes to protect the data (in case the database is
compromised they are both one-way hashes, and using two protects
against collision attacks whereby a different password string
generates the same hash as the original password)
2) escaping user input to protect against SQL injection attacks (nasty
queries can get more data from the database than your original query
intended, or change the query's intended functionality).

Instead of:
  $chkuserquery = "SELECT userID
                  FROM $TB_USERS
                  WHERE `loginID`='$loginID' AND `password`='$password'
                  LIMIT 1";
  $chkuser = $db->query($chkuserquery);


This example utilises the mdb2 database layer:

$user_credentials = array(   //these are the credentials the user supplied
    'user_name' => addslashes($username),   //escape username input
    'user_password_md5' => md5($password),  //generate hash, no
injection is posisble
    'user_password_sha1' => sha1($password)  //due to 'scrambling' of string
);
                                
foreach ($user_credentials as $k => $v) {    //build string
    $query_values .= $k . '=' . $db->quote(trim($v)) . ' AND ';
}
                        
$query_values = '(' . substr($query_values, 0, -5) . ')';       //format
string and remove AND
                
$sql = "SELECT COUNT(user_id) AS user_count FROM user WHERE $query_values";
                        
$result = $db->query($sql);

//this if not only returns a row from the database query, it then
checks if the user_count
//field contains more than one or more results. if so, login is correct
if (($row = $result->fetchRow(MDB2_FETCHMODE_ASSOC)) && $row['user_count']){
    $valid_login = true;
    //session -> database etc
}

for this example, using 'root' and 'password', $query_values is:

(user_name='root' AND
user_password_md5='5f4dcc3b5aa765d61d8327deb882cf99' AND
user_password_sha1='5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8')

This code is identical in functionality to the previous example,
except the query has no LIMIT - this is not required as it prevents
the possibility of coding error handling for multiple accounts
(perhaps unnecessary, excepting very secure applications).


Andy

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to