Larry Ullman's Book Forums

Logging In And Logging Out



I am currently developing an E-Commerce website for a client.

 

At the moment, I am suffering two major headaches:

 

1. When non-admin users log into the site, their values are set based on the stored database values and everything is fine, except that I can log in at the moment without any credentials. Therefore, this represents a huge and potentially dangerous security risk!

 

2. When an authorised user (a member in the database table "user") logs out and is redirected to index.php, it states that someone is still logged in to the session.

 

Here is the code for login.inc.php, logout.php, config.inc.php and mysql.inc.php

 

Login - login.inc.php

 

<?php
$login_errors = array();

// Validate the e-mail address:
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
    $e = mysqli_real_escape_string($dbc, $_POST['email']);
}
else
{
    $login_errors['email'] = 'Please enter a valid email address!';
}

// Validate the password:
if (!empty($_POST['pass']))
{
    $p = mysqli_real_escape_string($dbc, $_POST['pass']);
}
else
{
    $login_errors['pass'] = 'Please enter your password!';
}

if (empty($login_errors))
{
    $q = "SELECT userID, username, type, IF(date_expires >= NOW(), true, false) FROM user WHERE (email='$e' AND pass='" . get_password_hash($p) . "')";
    $r = mysqli_query($dbc, $q);

    if (mysqli_num_rows($r) == 1)
    {
        // Get the data:
        $row = mysqli_fetch_array($r, MYSQLI_NUM);

        // If the user is an administrator, create a new session ID to be safe:
        if ($row[2] == 'admin')
        {
            session_regenerate_id(true);
            $_SESSION['user_admin'] = true;
        }

        $_SESSION['userID'] = $row[0];
        $_SESSION['username'] = $row[1];

        // Flag accounts whose subscription has not expired:
        if ($row[3] == 1)
        {
            $_SESSION['user_not_expired'] = true;
        }

        echo '<div id="right">';
        echo "<h1>Hi : <span>$row[1]</span></h1>";
        echo '</div>';
    }
    else
    {
        $login_errors['login'] = 'The email address and password do not match those on file.';
    }
} // End of $login_errors IF.

 

Logging out - logout.php

 

<?php
require ('includes/config.inc.php');

// If the user isn't logged in, redirect them:
redirect_invalid_user();

// Destroy the session:
$_SESSION = array(); // Destroy the variables.
if (session_id() != "" || isset($_COOKIE[session_name()]))
{
    setcookie(session_name(), '', time() - 2592000, '/'); // Expire the session cookie.
}
session_destroy(); // Destroy the session itself.
setcookie(session_name(), '', time() - 300); // Destroy the cookie.

// Include the header file:
$page_title = 'Logout';
include ('includes/header.html');

// Print a customized message:
include ('includes/main.html');
echo '<div id="right">';
echo '<h1>Logged : Out</h1>';
echo '<p>Thank you for visiting. You are now logged out. Please come back soon!</p>';
echo '</div>';

// Footer file needs the database connection:
require (MYSQL);

// Include the HTML footer:
include ('includes/footer.html');
?>

 

Configuration File

 

<?php
$live = false;
$contact_email = 'davids_media@yahoo.co.uk';

define('BASE_URI', '/includes/');
define('BASE_URL', '127.0.0.1:8080/hair_extensions/');
define('MYSQL', BASE_URI . 'mysql.inc.php');

session_start();

// Page view counter. Note that this echo sends output, after which
// header() and setcookie() can no longer modify the response.
if (isset($_SESSION['views']))
{
    $_SESSION['views'] = $_SESSION['views'] + 1;
}
else
{
    $_SESSION['views'] = 1;
}
echo "Views=" . $_SESSION['views'];

// Custom error handler: show details while developing, e-mail them when live.
function my_error_handler($e_number, $e_message, $e_file, $e_line, $e_vars)
{
    global $live, $contact_email;

    $message = "An error occurred in script '$e_file' on line $e_line:\n$e_message\n";
    $message .= print_r(debug_backtrace(), 1);
    $message .= print_r($e_vars, 1);

    if (!$live)
    {
        echo '<div class="error">' . nl2br($message) . '</div>';
    }
    else
    {
        error_log($message, 1, $contact_email, 'From:lil_dave_morgan@yahoo.co.uk');

        if ($e_number != E_NOTICE)
        {
            echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div>';
        }
    }

    return true;
}
set_error_handler('my_error_handler');

// Redirect visitors who are not logged in (no $_SESSION[$check] value):
function redirect_invalid_user($check = 'userID', $destination = 'index.php', $protocol = 'http://')
{
    if (!isset($_SESSION[$check]))
    {
        $url = $protocol . BASE_URL . $destination;
        header("Location: $url");
        exit();
    }
}

 

Database Connection

 

<?php
define('DB_USER', 'LilDaveM');
define('DB_PASSWORD', 'dave');
define('DB_HOST', 'localhost');
define('DB_NAME', 'hairext');

$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
mysqli_set_charset($dbc, 'utf8');

// Trim and escape a value for safe use in a query:
function escape_data($data)
{
    global $dbc;
    if (get_magic_quotes_gpc()) $data = stripslashes($data);
    return mysqli_real_escape_string($dbc, trim($data));
}

// Hash a password for storage/comparison (raw binary output, escaped for the query):
function get_password_hash($password)
{
    global $dbc;
    return mysqli_real_escape_string($dbc, hash_hmac('sha256', $password, 'c#haRl891', true));
}
?>

 

I apologise if this is very long-winded, but I have been trying for days to get to the bottom of this issue. Help would be really, really appreciated, please.

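For the logout symptom, here is a session teardown routine written for this thread (added example, not the poster's or the book's code). It assumes config.inc.php has already called session_start() and that no output has been sent yet; in the config.inc.php posted above the "Views=" echo runs before logout.php reaches setcookie()/header(), and once output has been sent those calls fail with "headers already sent" unless output buffering is enabled. The function name is an assumption.

```php
<?php
// Added example for this thread; not the poster's code.
// Assumes session_start() has run and nothing has been echoed yet.

function destroy_login_session()
{
    // 1. Empty the session array so nothing is written back on shutdown.
    $_SESSION = array();

    // 2. Expire the session cookie in the browser with the same path,
    //    domain, secure and httponly attributes it was set with. A cookie
    //    is identified by name + domain + path, so a deletion sent with a
    //    different path (e.g. '/hair_extensions/' instead of '/') creates
    //    a second, empty cookie and leaves the real one in place.
    if (ini_get('session.use_cookies'))
    {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }

    // 3. Remove the server-side session data.
    session_destroy();
}

// Usage in logout.php. No HTML may have been sent before this point,
// otherwise the Set-Cookie and Location headers cannot be added.
require ('includes/config.inc.php');   // starts the session
redirect_invalid_user();               // posted helper: bounce if not logged in
destroy_login_session();

// Hand the visitor to index.php as a fresh request. That request carries
// no valid session cookie, so main.html takes the "Nobody is LOGGED IN" branch.
header('Location: http://' . BASE_URL . 'index.php');
exit();
```

A quick check while debugging: with display_errors on, a "Cannot modify header information - headers already sent" warning on the logout page means the cookie was never expired and the browser will keep presenting the old session ID.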

Giving it a cursory look, I don't see anything obviously wrong, but I'm also not 100% clear as to your problems. Could you clarify your issues and also state what debugging steps you've taken and what the results were?


Firstly, it can't hurt to do:

 

if( isset($_POST['var'])  && whatevercondition($_POST['var']) )  

 

PHP will not evaluate the second condition if the first is false. I would also do something like strlen > minpasswordlength instead of empty.

 

Just looking at your code, we really need your actual login page to see what you're talking about (form included). But off the top of my head, for the logging in without anything, have you looked at your database to see if you have an entry with a blank email/password?

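The two suggestions above (test isset() before the real condition, and require a minimum password length rather than !empty()) plus the blank-credentials check, as an added example for this thread rather than the poster's or the book's code. MIN_PASSWORD_LENGTH and both function names are assumptions; the table and column names are the ones used in the posted login.inc.php.

```php
<?php
// Added example for this thread; not the poster's code.

define('MIN_PASSWORD_LENGTH', 8); // assumed policy value

/**
 * Validate the posted login fields without touching the database.
 * Returns array('email' => string|null, 'pass' => string|null, 'errors' => array()).
 * Escaping and hashing happen later, only once validation has passed.
 */
function validate_login_input(array $post)
{
    $result = array('email' => null, 'pass' => null, 'errors' => array());

    // isset() first: when the key is absent PHP short-circuits and never
    // calls filter_var(), so there is no "Undefined index" notice and no
    // attempt to validate a value that was never submitted.
    if (isset($post['email']) && filter_var($post['email'], FILTER_VALIDATE_EMAIL))
    {
        $result['email'] = $post['email'];
    }
    else
    {
        $result['errors']['email'] = 'Please enter a valid email address!';
    }

    // A length check rejects very short passwords, which !empty() accepts
    // (empty() only rejects '' and '0').
    if (isset($post['pass']) && strlen($post['pass']) >= MIN_PASSWORD_LENGTH)
    {
        $result['pass'] = $post['pass'];
    }
    else
    {
        $result['errors']['pass'] = 'Please enter your password ('
            . MIN_PASSWORD_LENGTH . ' characters or more)!';
    }

    return $result;
}

/**
 * Diagnostic for the "can log in with no credentials" symptom: list user
 * rows whose email or password column is blank or NULL. A row like that
 * would match a login query built from empty form values. The query
 * contains no user input, so it can be run as-is from a maintenance script.
 */
function find_blank_credential_rows(mysqli $dbc)
{
    $q = "SELECT userID, email, type FROM user
          WHERE email = '' OR email IS NULL OR pass = '' OR pass IS NULL";
    $rows = array();
    $r = mysqli_query($dbc, $q);
    if ($r)
    {
        while ($row = mysqli_fetch_assoc($r))
        {
            $rows[] = $row;
        }
        mysqli_free_result($r);
    }
    return $rows; // empty array means no blank-credential accounts exist
}

// Usage in login.inc.php:
// $input = validate_login_input($_POST);
// if (empty($input['errors'])) { /* escape, hash and query as before */ }
```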

I cannot seem to put attachments on any replies yet, so I'll have to just post some more of my code. I do apologise for this.

 

index.php

 

<?php

error_reporting(E_ALL ^ E_NOTICE);
ini_set("display_errors", 1);

require ('./includes/config.inc.php');

//$_SESSION['userID']=1;
//
//$_SESSION['type']='admin';

require (MYSQL);

include ('./includes/header.html');

include ('./includes/main.html');

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
include ('./includes/login.inc.php');
}

echo <<<_END

<div id="right">

<form id="frmSearch">
<input type="text" name="search" value="Search for a product..." onfocus="if(this.value==this.defaultValue)this.value='';" onblur="if(this.value=='')this.value=this.defaultValue;" id="txtSearch" />
<input type="submit" name="submit" value="Search" id="btnSearch" />
</form>

<br />

<div id="shop">

<div class="shoprow">

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Human Hair</a></li>
</div>
</div>

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Pony Tails</a></li>
</div>
</div>

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Scrunchies</a></li>
</div>
</div>

</div>

<br />

<div class="shoprow">

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Full Heads</a></li>
</div>
</div>

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Synthetic Hair</a></li>
</div>
</div>

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Accessories</a></li>
</div>
</div>

</div>

<br />

<div class="shoprow">

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Contact Lenses</a></li>
</div>
</div>

<div class="shopcell">
<img src="includes/inc_pics/SCRUNCHIES.jpg" width="100" height="100" />
<div class="shopsubcell">
<li><a href="#">Lip Tattoos</a></li>
</div>
</div>

</div>

</div>

</div>

_END;

include ('./includes/footer.html');
?>

 

header.html

 

<!DOCTYPE html>
<html>
<head>
<!--[if lt IE 9]>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<meta charset="utf-8" />
<title>
<?php
// Use the title set by the including script, falling back to "Home":
if (!isset($page_title))
{
    $page_title = 'Home';
}
echo 'Hair Extensions Shop' . ' | ' . $page_title;
?>
</title>
<script src="js/jquery-1.7.1.min.js" type="text/javascript"></script>
<script src="js/jquery.jcarousel.js" type="text/javascript"></script>
<link href="css/main.css" rel="stylesheet" type="text/css" media="screen, projection" />
<link href="css/menu.css" rel="stylesheet" type="text/css" />
<link href="css/carousel.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="http://yui.yahooapis.com/3.4.1/build/cssreset/reset.css">
<link href="css/tablet.css" rel="stylesheet" type="text/css" media="all and (min-width: 481px) and (max-width: 480px)" />
<link href='http://fonts.googleapis.com/css?family=Kelly+Slab' rel='stylesheet' type='text/css'>
<link href='http://fonts.googleapis.com/css?family=Rokkitt' rel='stylesheet' type='text/css'>
<script type="text/javascript">
$(document).ready(function () {

   $('#accordion a.item').click(function () {

    /* FIRST SECTION */

    //slideup or hide all the Submenu
    $('#accordion li').children('ul').slideUp('slow');

    //remove all the "Over" class, so that the arrow reset to default
    $('#accordion a.item').each(function () {
	    if ($(this).attr('rel')!='') {
		    $(this).removeClass($(this).attr('rel') + 'Over');
	    }
    });

    /* SECOND SECTION */	  

    //show the selected submenu
    $(this).siblings('ul').slideDown('slow');

    //add "Over" class, so that the arrow pointing down
    $(this).children('a').addClass($(this).children('li a').attr('rel') + 'Over');		

    return false;

   });


});
</script>
<!----------------------------------------------------------------------------------->
<script type="text/javascript">
function mycarousel_initCallback(carousel)
{
   // Disable autoscrolling if the user clicks the prev or next button.
   carousel.buttonNext.bind('click', function() {
    carousel.startAuto(0);
   });
   carousel.buttonPrev.bind('click', function() {
    carousel.startAuto(0);
   });
   // Pause autoscrolling if the user moves with the cursor over the clip.
   carousel.clip.hover(function() {
    carousel.stopAuto();
   }, function() {
    carousel.startAuto();
   });
};
jQuery(document).ready(function() {
   jQuery('#mycarousel').jcarousel({
    auto: 2,
    wrap: 'last',
    initCallback: mycarousel_initCallback
   });
});
</script>
</head>
<body>
<!-- THE MAIN HEADER FOR THE WEBSITE -->
<header>
<!-- THE WEBSITE LOGO -->
<div class="logo">
</div>
<!-- END OF THE WEBSITE LOGO -->
<!-- THE DYNAMIC JQUERY IMAGE SLIDER -->
<div class="slider">
<!-- IMAGE CAROUSEL FOR SHOWCASING WORK -->
<div class="tick">
<ul id="mycarousel" class="jcarousel-skin-tango">
<li>Welcome</li>
<li>To The</li>
<li>Website</li>
</ul>
</div>
<!-- END OF IMAGE CAROUSEL FOR SHOWCASING WORK -->
</div>
<!-- END OF THE DYNAMIC JQUERY IMAGE SLIDER -->
</header>
<!-- END OF THE MAIN HEADER FOR THE WEBSITE -->

 

main.html

 

<!-- THE MAIN CONTENT -->
<div id="main">
<!-- THE LEFT HAND SIDE CONTENT -->
<div id="left">
<!-- THE SITE NAVIGATION -->
<ul id="accordion">
<li>
<a href="#" class="item popular" rel="popular">Shop</a>
<ul>
<li><a href="#">Human Hair</a></li>
<li><a href="#">Pony Tails</a></li>
<li><a href="#">Scrunchies</a></li>
<li><a href="#">Full Heads</a></li>
<li><a href="#">Synthetic Hair</a></li>
<li><a href="#">Accessories</a></li>
<li><a href="#">Contact Lenses</a></li>
<li><a href="#">Lip Tattoos</a></li>
</ul>
</li>
<li>
<a href="about.php">About Us</a>
</li>
<li>
<a href="contactus.php">Contact Us</a>
</li>
</ul>
<ul id="accordion">
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    include ('includes/login.inc.php');
}
require_once ('./includes/form_functions.inc.php');

if (isset($_SESSION['userID']))
{
    echo '<li><a href="logout.php">Logout</a></li>';
    echo 'You are LOGGED IN!!!';
    if (isset($_SESSION['user_admin']))
    {
        echo '<h2>ADMIN</h2>';
    }
}
else
{
    require ('includes/login_form.inc.php');
    echo '<li><a href="register.php">Register</a></li>';
    echo 'Nobody is LOGGED IN!!!';
}
?>
</ul>
<!-- END OF THE SITE NAVIGATION -->
</div>
<!-- END OF THE LEFT HAND SIDE CONTENT -->
</div>
<!-- END OF THE THE MAIN CONTENT -->

 

footer.html

 

<!-- THE FOOTER CONTENT -->
<footer>
<p>
<div class="col1">
<h2>Customer Service</h2>
<li><a href="#">Terms & Conditions</a></li>
<li><a href="#">Privacy Policy</a></li>
<li><a href="#">FAQ</a></li>
</div>
<div class="col2">
<h2>Social Media</h2>
<li><a href="#">Facebook</a></li>
<li><a href="#">Twitter</a></li>
<li><a href="#">YouTube</a></li>
</div>
<div class="col3">
<h2>Site Links</h2>
<li><a href="about.php">About Us</a></li>
<li><a href="#">Shop</a></li>
<li><a href="contactus.php">Contact Us</a></li>
</div>
</p>
<div class="sub">
<li class="line1" >Copyright 2012 |
<a href="http://www.davidsmedia.co.uk" target="_BLANK">David's Media</a>
</li>
<li class="line2" >
<a href="#">Hair Extensions Shop</a> | North Wales
</li>
</div>
</footer>
<!-- END OF THE FOOTER CONTENT -->
</body>
</html>

 

main.css

 

/* THIS IS THE STYLESHEET WHICH CONTROLS THE LAYOUT OF THE WEBSITE */
/* BODY OF THE WEBSITE */
body, html
{
margin: 0;
padding: 0;
height: 100%;
min-width: 1200px;
max-width: 1700px;
background-image: url(../images/bg.png);
font-family: 'Rokkitt', serif;
background-repeat: no-repeat;
background-size: 1200px 1600px;
background-position: right top;
}
/* END OF BODY OF THE WEBSITE */
/* CSS FOR THE FONT */
@font-face
{
font-family: 'Rokkitt', serif;
url(http://fonts.googleapis.com/css?family=Rokkitt);
}
/* END OF CSS FOR THE FONT */
/* ---------------------------------------------------------------------------------------------------- */
/* WEBSITE HEADER, LOGO & SLIDER */
header
{
height: 150px;
margin-top: 0;
padding-top: 10px;
width: 100%;
clear: none;
}
.logo
{
width: 500px;
height: 250px;
margin: 10px;
margin-left: 100px;
float: left;
position: absolute;
border: 1px solid #ef2929;
background-image: url(../images/logo5.jpg);
background-repeat: no-repeat;
background-color: #ffffff;
}
.slider
{
width: 500px;
height: 300px;
border: 5px solid #ef2929;
margin: 10px;
float: right;
position: absolute;
left: 700px;
background-color: #ffffff;
}
/* END OF WEBSITE HEADER, LOGO & SLIDER */
/* ---------------------------------------------------------------------------------------------------- */
#main
{
width: 100%;
height: 1400px;
margin-top: 0;
padding-top: 10px;
clear: none;
}
/* ---------------------------------------------------------------------------------------------------- */

/* LEFT CONTENT */
#left
{
width: 350px;
height: 500px;
padding-top: 10px;
margin-top: 150px;
float: left;
position: absolute;
left: 0;
}
/* END OF LEFT CONTENT */
/* ---------------------------------------------------------------------------------------------------- */
/* RIGHT CONTENT */
#right
{
height: 300px;
width: 1000px;
float: right;
margin-top: 150px;
padding-top: 10px;
position: absolute;
left: 260px;
top: 170px;
}
#right h1
{
font-size: 60px;
text-shadow: 0 0 1px rgba(0,0,0,0.9);
margin-left: 175px;
margin-top: 50px;
}
#right h1 span
{
color: #ef2929;
text-shadow: 0 0 1px rgba(239,41,41,0.9);
}
#right p
{
width: 650px;
margin-left: 175px;
line-height: 40px;
font-size: 30px;
text-shadow: 0 0 1px rgba(0,0,0,0.5);
}
#right p span
{
color: #ef2929;
text-shadow: 0 0 1px rgba(239,41,41,0.9);
}
#right hr
{
width: 700px;
border: 1px solid #000000;
margin-top: 20px;
margin-bottom: 20px;
}
#shop
{
width: 800px;
height: 250px;
float: left;
left: 90px;
position: absolute;
display: table;
padding: 20px;
text-align: center;
margin-top: 50px;
}
.shoprow
{
display: table-row;
}
.shopcell
{
display: table-cell;
}
.shopcell img
{
margin-left: 40px;
border: 5px solid #ef2929;
width: 220px;
height: 220px;
}
.shopsubcell
{
display: table-cell;
}
.shopsubcell li
{
list-style-type: none;
width: 200px;
}
.shopsubcell li a
{
text-decoration: none;
background-color: #ef2929;
color: #ffffff;
font-size: 20px;
text-shadow: 0 0 1px rgba(255,255,255,0.2);
letter-spacing: 1px;
padding: 10px;
float: left;
margin-left: 40px;
}
/* END OF RIGHT CONTENT */
/* ---------------------------------------------------------------------------------------------------- */
form
{
text-shadow: 0 0 1px rgba(0,0,0,0.5);
color: #000000;
}
/* ALL CONTENT FOR SEARCHING */
#frmSearch
{
padding: 10px;
margin-left: 140px;
margin-top: 100px;
margin-bottom: 20px;
}
#frmSearch input
{
border: none;
width: 300px;
position: absolute;
border: 5px solid #ef2929;
padding: 10px;
color: #2e3436;
font-size: 14px;
}
#frmSearch input#btnSearch
{
-moz-border-radius-bottomright: 5px;
-moz-border-radius-topright: 5px;
-webkit-border-bottom-right-radius: 5px;
-webkit-border-top-right-radius: 5px;
-o-border-bottom-right-radius: 5px;
-o-border-top-right-radius: 5px;
-ms-border-bottom-right-radius: 5px;
-ms-border-top-right-radius: 5px;
width: 100px;
background-color: #ef2929;
color: #ffffff;
text-shadow: 0 0 1px rgba(255,255,255,0.2);
font-family: 'Rokkitt', serif;
font-size: 20px;
position: absolute;
left: 440px;
height: 45px;
}
/* END OF ALL CONTENT FOR SEARCHING */
/* ALL CONTENT FOR CONTACT US FORM */
#frmContact
{
margin-left: 100px;
margin-top: 50px;
padding: 10px;
font-size: 25px;
margin-left: 175px;
text-shadow: 0 0 1px rgba(239,41,41,0.5);
}
#frmContact input, textarea
{
width: 300px;
border: 5px solid #ef2929;
color: #2e3436;
font-size: 100%;
}
#frmContact input
{
float: right;
right: 350px;
position: relative;
}
#frmContact textarea
{
float: right;
resize: none;
position: relative;
right: 350px;
}
#frmContact input#btnSend
{
background-color: #ef2929;
color: #ffffff;
text-shadow: 0 0 1px rgba(255,255,255,0.2);
width: 75px;
font-family: 'Rokkitt', serif;
font-size: 20px;
margin-top: 250px;
position: absolute;
right: 360px;
border-radius: 5px;
}
/* END OF ALL CONTENT FOR CONTACT US FORM */
/* ALL CONTENT FOR REGISTRATION FORM */
#frmReg
{
margin-top: 0px;
padding: 20px;
font-size: 25px;
margin-left: 150px;
text-shadow: 0 0 1px rgba(0,0,0,0.5);
color: #000000;
}
#frmReg input, textarea
{
width: 250px;
border: 5px solid #ef2929;
color: #2e3436;
font-size: 100%;
}
#frmReg input
{
float: right;
right: 350px;
position: relative;
}
#frmReg textarea
{
float: right;
resize: none;
position: relative;
right: 250px;
}
#frmReg input#btnNext
{
background-color: #ef2929;
color: #ffffff;
text-shadow: 0 0 1px rgba(255,255,255,0.2);
width: 75px;
font-family: 'Rokkitt', serif;
font-size: 20px;
margin-top: 50px;
position: absolute;
right: 270px;
border-radius: 5px;
}
small
{
width: 250px;
font-size: 12px;
margin-left: 400px;
margin-top: 5px;
padding: 5px;
border: 1px solid #000000;
position: absolute;
}
/* END OF ALL CONTENT FOR REGISTRATION FORM */
/* ALL OTHER CONTACT US PAGE STUFF */
.con
{
}
.con p
{
margin-left: 100px;
font-size: 20px;
}
/* END OF ALL OTHER CONTACT US PAGE STUFF */
/* ---------------------------------------------------------------------------------------------------- */
footer
{
height: 170px;
width: 100%;
padding: 0;
padding-top: 20px;
}
footer h2
{
color: #ef2929;
font-weight: lighter;
text-shadow: 0 0 1px rgba(239,41,41,0.5);
font-size: 30px;
margin-left: 20px;
}
.col1, .col2, .col3 li
{
list-style-type: none;
text-shadow: 0 0 1px rgba(0,0,0,0.5);
font-size: 25px;
}
.col1 li a
{
color: #000000;
text-decoration: none;
margin-left: 20px;
}
.col2 li a
{
color: #000000;
text-decoration: none;
margin-left: 20px;
}
.col3 li a
{
color: #000000;
text-decoration: none;
margin-left: 20px;
}
.sub
{
list-style-type: none;
margin-top: 200px;
}
.sub li
{
display: inline;
color: #000000;
text-shadow: 0 0 1px rgba(0,0,0,0.5);
font-size: 20px;
}
.sub li a
{
text-decoration: none;
color: #000000;
}
.sub li a:hover
{
text-decoration: underline;
}
.line1
{
float: left;
margin-left: 20px;
}
.line2
{
float: right;
margin-right: 20px;
}
.col1
{
float: left;
position: absolute;
width: 400px;
margin-left: 200px;
}
.col2
{
position: absolute;
width: 400px;
margin-left: 500px;
}
.col3
{
float: right;
position: absolute;
width: 400px;
margin-left: 800px;
}

 

These are the HTML and CSS files; usually they are kept in the "includes" and "css" folders respectively.

 

Thanks


And there really was no need to post your CSS code. Also, I don't allow file uploads (attachments) because it's not reasonable to expect people to look through tons and tons of code. Best to only post the relevant code.
