
I'm working on a database login system in PHP, but one of my users has an exclamation mark in his password, which breaks it. The line where it says ($password = $_GET['p'];) is where the password gets passed in.

<?php

$username = $_GET['u'];
$password = $_GET["p"];

function userLoginIpb($username, $password) { // select the password information from the selected user
          $query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT `members_pass_salt`, `members_pass_hash` FROM `members` WHERE `name` = '$username'");
          $results = mysqli_fetch_assoc($query);
          // IPB-style hash: md5(md5(salt) . md5(password))
          $password = md5(md5($results['members_pass_salt']).md5($password));
          if ($password == $results['members_pass_hash']) {
              return true;
          } else {
              return false;
          }
}
giannisf
Pavilion Sahota
Sidenote: *"The line where it says ($password = $_GET['p'];) is where the password gets passed in"* - That isn't very safe. Use POST and don't use MD5 if you intend on going live with this. MD5 is MD5, any way you slice it. – Funk Forty Niner Feb 27 '16 at 19:11

2 Answers


The issue is your $_GET[] request, since a ! character will be encoded to %21. Since you're working on the system, do it the correct way instead.

  1. Use POST requests, as you don't want the users to copy-paste a link with a password in it.
  2. Use the new functions in PHP, password_hash() with password_verify(), as they have a salt built into them, making it quite secure and very easy to work with.
  3. Bind values to a SQL string; do not blindly put them in there, as you are currently open to an easy SQL injection. Adding a password like pass; DROP TABLE members; will break it.
Xorifelse

You need to use mysqli_real_escape_string:

<?php

$username = $_GET['u'];
$password = $_GET["p"];

// select the password information from the selected user
function userLoginIpb($username, $password)
{
    global $___mysqli_ston;

    $s = mysqli_real_escape_string($___mysqli_ston, $username);
    $query = mysqli_query($___mysqli_ston, "SELECT `members_pass_salt`, `members_pass_hash` FROM `members` WHERE `name` = '$s'");
    $results = mysqli_fetch_assoc($query);
    $password = md5(md5($results['members_pass_salt']).md5($password));

    return $password == $results['members_pass_hash'];
}

Also take a look at PDO.

vbarbarosh
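Putting the first answer's three points (POST, password_hash()/password_verify(), bound parameters) together with the second answer's pointer to PDO, here is an added example of what a hardened version of userLoginIpb() can look like. It is not code from the question or from either answer. It assumes the `members` table from the question with its `name`, `members_pass_salt` and `members_pass_hash` columns, plus a hypothetical nullable `password_hash` column added to hold migrated hashes; the PDO DSN, database name and credentials are placeholders. Existing accounts are checked against the legacy IPB hash with a prepared statement and hash_equals(), then upgraded in place to password_hash() on a successful login, so no user has to reset a password.

```php
<?php
// Added example, not from the original question or answers.
// Assumptions: `members` has `name`, `members_pass_salt`, `members_pass_hash`
// (legacy md5(md5(salt).md5(password))) and a hypothetical nullable
// `password_hash` column for migrated accounts. DSN/credentials are placeholders.
declare(strict_types=1);

// Legacy IPB check, exactly as the question computes it.
function verifyLegacyIpbHash(string $salt, string $storedHash, string $password): bool
{
    $computed = md5(md5($salt) . md5($password));
    // hash_equals() compares as strings in constant time. A loose `==` would
    // compare two hashes like "0e1234..." and "0e9876..." as equal numbers.
    return hash_equals($storedHash, $computed);
}

// A real bcrypt hash used only to spend comparable time on unknown users,
// so "no such user" is not distinguishable by response time.
function dummyHash(): string
{
    static $dummy = null;
    return $dummy ??= password_hash('not-a-real-password', PASSWORD_DEFAULT);
}

function userLogin(PDO $pdo, string $username, string $password): bool
{
    // The query text and the value travel separately: quotes, semicolons,
    // '!' or anything else in the username cannot change the SQL.
    $stmt = $pdo->prepare(
        'SELECT `members_pass_salt`, `members_pass_hash`, `password_hash`
           FROM `members` WHERE `name` = :name'
    );
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        password_verify($password, dummyHash());
        return false;
    }

    // Already migrated: the salt and algorithm live inside the stored string.
    if ($row['password_hash'] !== null) {
        return password_verify($password, $row['password_hash']);
    }

    // Still on the legacy IPB hash: verify it, then upgrade this account.
    if (!verifyLegacyIpbHash($row['members_pass_salt'], $row['members_pass_hash'], $password)) {
        return false;
    }
    $upgrade = $pdo->prepare(
        'UPDATE `members` SET `password_hash` = :hash WHERE `name` = :name'
    );
    $upgrade->execute([
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
        ':name' => $username,
    ]);
    return true;
}

// Credentials are read from the POST body, never the query string, so they
// do not land in browser history, proxy/server logs, Referer headers or
// links that users paste to each other.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = (string) ($_POST['u'] ?? '');
    $password = (string) ($_POST['p'] ?? '');

    // Placeholder DSN and credentials; ERRMODE_EXCEPTION surfaces query
    // failures instead of silently returning false from fetch().
    $pdo = new PDO('mysql:host=localhost;dbname=forum;charset=utf8mb4', 'app_user', 'app_password', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);

    echo userLogin($pdo, $username, $password) ? 'ok' : 'denied';
}
```

The login form should submit with method="post" and field names `u` and `p`. Setting PDO::ATTR_EMULATE_PREPARES to false makes the MySQL server itself parse the statement before it sees the bound value, which is what makes the binding a real separation rather than client-side escaping. Once every row has a non-null `password_hash`, the two legacy columns and verifyLegacyIpbHash() can be dropped.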