A long time ago, I found this on the net.
#
# login.htm
#

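<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>MyWeb.com Login</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
</head>

<body>
<!--
  Login form. The field names "user" and "pass" are the keys verify.php reads
  from $_POST. method="post" keeps the credentials out of the URL, browser
  history and access logs, but the request body is still sent in clear text
  unless this page and verify.php are served over HTTPS.
-->
<form method="post" action="verify.php">
<input type="text" name="user" />
<input type="password" name="pass" />
<input type="submit" value="Login" />
</form>
</body>
</html>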

#
# verify.php
#

<?php

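/**
 * Validates a login name and password against an alphanumeric allow-list.
 *
 * This is input validation only. It is not what makes a query safe: the
 * values it returns must still be bound as parameters, never concatenated
 * into an SQL string.
 *
 * The original check was eregi("[a-zA-Z0-9]+", $value), which is not anchored:
 * it accepted any value containing at least one letter or digit, so quotes,
 * comment markers and other SQL metacharacters passed straight through.
 * eregi() has also been removed from PHP. The check below requires the whole
 * value to be alphanumeric, which is what the original comments described.
 *
 * @param mixed $user Raw login name, normally $_POST['user'].
 * @param mixed $pass Raw password, normally $_POST['pass'].
 * @return array Array with the keys 'user' and 'pass' holding the filtered
 *               values. The script is terminated with die() when either
 *               value is rejected, so the function never returns a NULL entry.
 */
function anti_injection($user, $pass)
{
    # Keyword list kept from the original so that accepted values come back
    # exactly as before (lower-cased, keywords stripped). It is not a security
    # control: a single-pass replace can be re-assembled from nested keywords,
    # and it silently rewrites legitimate names that happen to contain "or",
    # "as", "like" and so on.
    # NOTE(review): lower-casing and stripping the password throws away part of
    # the secret; drop this once stored credentials no longer depend on it.
    $banlist = array(
        "insert", "select", "update", "delete", "distinct", "having", "truncate", "replace",
        "handler", "like", "as", "or", "procedure", "limit", "order by", "group by", "asc", "desc",
    );

    $array = array(
        'user' => _anti_injection_filter($user, $banlist),
        'pass' => _anti_injection_filter($pass, $banlist),
    );

    # Strict comparison: only a real NULL (a rejected value) stops the script.
    if (in_array(NULL, $array, true)) {
        die('Hacking attempt. Go play someplace else, you script kiddie.');
    }

    return $array;
}

/**
 * Filters one credential value; returns the filtered string, or NULL when the
 * value is rejected.
 *
 * @param mixed $value   Raw value to check.
 * @param array $banlist Keywords removed from an accepted value.
 * @return string|null
 */
function _anti_injection_filter($value, $banlist)
{
    # A request can supply an array (user[]=x) or omit the field entirely;
    # neither is a valid credential.
    if (!is_string($value)) {
        return NULL;
    }

    # \A and \z anchor the match to the whole value. \z is used rather than $
    # because $ would also accept a trailing newline.
    if (preg_match('/\A[a-zA-Z0-9]+\z/', $value) !== 1) {
        return NULL;
    }

    $filtered = trim(str_replace($banlist, '', strtolower($value)));

    # A value made up only of banned keywords collapses to an empty string.
    # The original rejected that case through a loose NULL comparison; keep
    # rejecting it explicitly.
    return $filtered === '' ? NULL : $filtered;
}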
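# Filter the login data through anti_injection() and keep the result in an
# array. The field names assume the login form uses the POST method with
# inputs named "user" and "pass". GET would work as well, but it puts the
# credentials into URLs, browser history and server logs, so do not use it.
# A missing field is passed on as NULL so that it is rejected instead of
# raising an undefined-index notice.

$login = anti_injection(
    isset($_POST['user']) ? $_POST['user'] : NULL,
    isset($_POST['pass']) ? $_POST['pass'] : NULL
);


# Verify the filtered user/pass combo.
#
# The original built the statement by concatenating the values into the SQL
# text and sent it with mysql_query(). That is the injection sink: whatever the
# filter lets through becomes part of the statement. The mysql_* extension has
# also been removed from PHP. Here the statement text is fixed and the values
# are bound as parameters, so they are only ever treated as data.
#
# NOTE(review): comparing the submitted password with the `pass` column
# suggests passwords are stored unhashed. Store password_hash() output and
# check it with password_verify() instead - confirm against the schema.
# NOTE(review): 'sql_user' / 'sql_pass' look like placeholders; real
# credentials belong in configuration outside the web root, on an account
# limited to the privileges this lookup needs.

$authenticated = false;

# Make mysqli raise exceptions so that a failed connect or query cannot be
# mistaken for "no matching row".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $conn = mysqli_connect('localhost', 'sql_user', 'sql_pass', 'some_db');

    $stmt = mysqli_prepare($conn, 'SELECT 1 FROM some_table WHERE user = ? AND pass = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 'ss', $login['user'], $login['pass']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);

    $authenticated = mysqli_stmt_num_rows($stmt) > 0;

    mysqli_stmt_close($stmt);
    mysqli_close($conn);
} catch (mysqli_sql_exception $e) {
    # Details go to the server log only; the visitor gets the same generic
    # answer as for a wrong password.
    error_log('Login lookup failed: ' . $e->getMessage());
}

if ($authenticated) {
    # Success!

    echo "Welcome!";
} else {
    # One generic message for every failure, so the response does not reveal
    # whether the user name exists.

    echo "Bad credentials.";
}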
?>