Password Encryption and SQL Injection Vulnerability in config.php #64

Open
Vignesh-Jothi opened this issue Dec 2, 2023 · 0 comments

  1. Password Encryption:
    The code uses the outdated md5 function for password encryption, which is considered weak. It's recommended to use password_hash and password_verify for more secure password handling.

  2. SQL Injection:
    The code is susceptible to SQL injection attacks as it directly interpolates user inputs into SQL queries. Using prepared statements helps prevent SQL injection by separating data from the query.

Fix Details:

  1. Password Encryption:

    • Issue: Using md5 for password hashing is insecure.
    • Fix:
      // Change this line
      $password = md5($password_1);
      
      // To
      $hashed_password = password_hash($password_1, PASSWORD_DEFAULT);
  2. SQL Injection:

    • Issue: Lack of prepared statements in the user check query.
    • Fix:
      // Change this block
      $user_check_query = "SELECT * FROM register WHERE Name='$username' OR email='$email' LIMIT 1";
      $result = mysqli_query($db, $user_check_query);
      
      // To
      $user_check_query = $db->prepare("SELECT * FROM register WHERE Name=? OR email=? LIMIT 1");
      $user_check_query->bind_param('ss', $username, $email);
      $user_check_query->execute();
      $result = $user_check_query->get_result();

Additional Recommendations:

  1. Error Handling:

    • Add error handling for database queries to provide meaningful error messages.
    $result = $user_check_query->get_result();
    if (!$result) {
        die('Error executing query: ' . $user_check_query->error);
    }
  2. Session Start Check:

    • Check if the session is already started before calling session_start() to avoid potential issues.
    if (session_status() == PHP_SESSION_NONE) {
        session_start();
    }
  3. Logging Out:

    • If you have a logout functionality, include a secure way to destroy the session.
    if (isset($_GET['logout'])) {
        unset($_SESSION['Name']);      // clear the login marker before the session data is destroyed
        session_destroy();
        header("Location: index.php");
        exit;                          // stop the script so nothing else is sent after the redirect
    }
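The registration and login path with both fixes from this issue applied together (password_hash/password_verify plus prepared statements, with mysqli error reporting switched on), as an added example rather than code from the issue or the project. It assumes $db is an open mysqli connection and that the register table has a password column alongside Name and email (the password column name is assumed).

```php
<?php
// Added example (not the project's code). Assumes $db is a mysqli connection and
// the `register` table has columns Name, email, password (password name assumed).
declare(strict_types=1);

// Make mysqli throw on failures instead of returning false that is easy to ignore.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

function user_exists(mysqli $db, string $username, string $email): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare("SELECT 1 FROM register WHERE Name=? OR email=? LIMIT 1");
    $stmt->bind_param('ss', $username, $email);
    $stmt->execute();
    return $stmt->get_result()->num_rows > 0;
}

function register_user(mysqli $db, string $username, string $email, string $password): void
{
    // Store only the salted hash; PASSWORD_DEFAULT follows PHP's current recommended algorithm.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare("INSERT INTO register (Name, email, password) VALUES (?, ?, ?)");
    $stmt->bind_param('sss', $username, $email, $hash);
    $stmt->execute();
}

function login_user(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT password FROM register WHERE Name=? LIMIT 1");
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    // password_verify compares against the stored hash; no md5() of the input anywhere.
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    if (password_needs_rehash($row['password'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare("UPDATE register SET password=? WHERE Name=?");
        $newHash = password_hash($password, PASSWORD_DEFAULT);
        $upd->bind_param('ss', $newHash, $username);
        $upd->execute();                // upgrade old hashes transparently on login
    }
    session_regenerate_id(true);        // new session id after authentication
    $_SESSION['Name'] = $username;
    return true;
}
```

Because MYSQLI_REPORT_STRICT is enabled, a failed prepare or execute raises mysqli_sql_exception, so the die('Error executing query: ...') check from the issue becomes a try/catch at the call site.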