Is this login page secure? I'm researching SQL injection. Is there a vulnerability, and if so, how do I manage it?
I previously encrypted the users' details into a file and stored it locally. I also use localhost, and I am thinking about moving to a domain. Are there any issues with storing users' details in a file?
Please disregard the HTML.
<?php
session_start();
?>
<html>
<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input type="text" name="Username"value="">
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST"){
    $user = $_REQUEST['Username'];
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
<input type="password" name="Password"value="">
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST"){
    $password = $_REQUEST['Password'];
}
if (isset($_POST['submit'])) {
    $file = $user.".txt";
    if (file_exists($file)){
        $contents = file_get_contents($file);
        $ciphering = "AES-128-CTR";
        $iv_length = openssl_cipher_iv_length($ciphering);
        $options = 0;
        $decryption_iv = '#secret#';
        $decryption_key = "#key#";
        $decryption= openssl_decrypt ($contents, $ciphering, $decryption_key, $options, $decryption_iv);
        if($decryption==$password){
            echo("details match");
            setcookie("username", $user,time()+2000);
            $_SESSION["logged_in"] = true;
            $_SESSION["username"] = $user;
            header("Location:/login/new folder/findchat.php?username");
            exit();
        }
        else{
            echo('Complete im not a robot');
        }
    }
    else{echo("pasword or username is not valid");}
}
?>
<input type="submit"value="submit"name="submit">
</body>
</html>
Apologies for my bad spelling. Thanks
Answer
Wow, this is awful. There’s tons of vulnerabilities. Here’s the ones that jump out at me at first glance:
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
This is vulnerable to XSS, like this: http://example.com/badlogin.php/"><script>alert("xss")</script>
$file = $user.".txt";
if (file_exists($file)){
    $contents = file_get_contents($file);
Trivial directory traversal.
$decryption= openssl_decrypt ($contents, $ciphering, $decryption_key, $options, $decryption_iv);
if($decryption==$password){
You’re supposed to hash passwords, not encrypt them.
About the only vulnerability you don’t have is SQL injection, and that’s because you don’t use any SQL.
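The three problems named in the answer, each with a hardened counterpart, as an added example that is not part of the original question or answer. The function names, the username pattern and the storage directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: helper names, username pattern and storage directory are assumptions.

// Directory traversal: accept only allowlisted usernames, so "../", "/" and
// NUL bytes can never reach a filesystem call.
function user_file(string $dir, string $user): ?string
{
    if (preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $user) !== 1) {
        return null;
    }
    return $dir . DIRECTORY_SEPARATOR . $user . '.txt';
}

// Password storage: a salted, slow, one-way hash instead of reversible encryption.
function store_user(string $dir, string $user, string $password): bool
{
    $file = user_file($dir, $user);
    if ($file === null) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return file_put_contents($file, $hash, LOCK_EX) !== false;
}

// Login check: password_verify re-hashes the candidate and compares in constant time.
function check_login(string $dir, string $user, string $password): bool
{
    $file = user_file($dir, $user);
    if ($file === null || !is_file($file)) {
        return false;
    }
    return password_verify($password, (string) file_get_contents($file));
}

// XSS: escape request-derived values before echoing them into an attribute.
function form_action(string $phpSelf): string
{
    return htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo input, run from the CLI.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'login_demo';
is_dir($dir) || mkdir($dir, 0700, true);
var_dump(store_user($dir, 'alice', 'correct horse'));
var_dump(check_login($dir, 'alice', 'correct horse'));
var_dump(check_login($dir, 'alice', 'wrong'));
var_dump(check_login($dir, '../../etc/passwd', 'x'));
echo form_action('/badlogin.php/"><script>alert("xss")</script>'), "\n";
```

On a real site the storage directory should sit outside the web root so the hash files cannot be requested directly.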