
I want to make a login page: if the user types the username and password correctly, it will redirect to the two-factor authentication page. I want every user to have a different QR code, but my problem is how the website knows which user I typed. I also want to set it up so that when the user logs in for the first time, it will show the QR code for the user to scan, and if the user logs in after the first time, it won't show the QR code. How do I set that up, and fix that problem?

Thanks!

<?php
if (isset($_POST['login'])) {
  $username = $_POST['username'];
  $password = $_POST['password'];
  $existing  = "";
  $something = "The username or password is not correct";

  // Username and password are interpolated straight into the query
  $sql = "SELECT * FROM users WHERE username='$username' && password='$password'";
  require_once ('db.php');
  $qry = mysqli_query($conn, $sql) or die ("Error");
  $count = mysqli_num_rows($qry);

  if ($count == 1) {
    // Cookie named after the username, no value set
    setcookie($username);
  }
  else {
    $output = $something;
  }

}
?>
simdpi
  • Do you have any code? You create a login page that gets the user and password. You then redirect to 2FA and create a QR code with random characters. If verified on mobile by your app, you send a response. And why is phpMyAdmin there? – JoelCrypto May 28 '22 at 06:32
  • Hi bro, my idea is that when the user logs in for the first time, it will show the QR code; on the second login, it won't show the QR code. I also want the user secret to be fixed, so I will set the secret in phpMyAdmin. – simdpi May 28 '22 at 08:15
  • Do you have some piece of code? – JoelCrypto May 28 '22 at 09:10
  • I have, you can see it above in the text – simdpi May 28 '22 at 10:19

1 Answer

Many issues here.

  1. Your code is susceptible to SQL injection.
  2. Your code is susceptible to timing attacks, and your password is stored in plaintext. You need to get the password hash from the database and verify it in PHP.
  3. You may not set a cookie with the username, as it can be changed in the browser, so session hijacking is easy. Use sessions instead.
  4. You then need to check for many sessions. Then use an external library for the QR code.
JoelCrypto
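An added example (not the asker's or the answerer's code) showing how the four points above fit together with the asker's "which user is this?" and "show the QR code only once" requirements. It assumes a table `users(id, username, password_hash, totp_secret, totp_confirmed)` where `password_hash` was produced by `password_hash()` and `totp_secret` is a base32 string generated at registration; the DSN and credentials are placeholders. The TOTP check is implemented inline (RFC 6238 over HMAC-SHA1); rendering the QR image is left to a library, this code only produces the `otpauth://` URI the QR code must encode.

```php
<?php
// Added example, not from the original post. Assumed schema:
//   users(id, username, password_hash, totp_secret, totp_confirmed)
declare(strict_types=1);
session_start();

function db(): PDO {
    // Placeholder DSN and credentials; replace with your own.
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $pdo;
}

// Point 1 and 2: prepared statement (no SQL injection), hashed password,
// constant-time compare, and the same work done for unknown usernames.
function checkPassword(PDO $pdo, string $username, string $password): ?array {
    static $dummyHash = null;
    $dummyHash ??= password_hash(bin2hex(random_bytes(8)), PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('SELECT id, username, password_hash, totp_secret, totp_confirmed
                           FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = password_verify($password, $user['password_hash'] ?? $dummyHash);
    return ($user !== false && $ok) ? $user : null;
}

// Point 3: the server-side session, not a cookie, remembers which user
// passed the password step. This is how the 2FA page knows "which user".
function startTwoFactor(array $user): void {
    session_regenerate_id(true);            // new id after privilege change
    $_SESSION['pending_2fa_user'] = (int) $user['id'];
    $_SESSION['authenticated'] = false;
}

function base32Decode(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $c) {
        $bits .= str_pad(decbin(strpos($alphabet, $c)), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { $out .= chr(bindec($byte)); }
    }
    return $out;
}

// RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, dynamic truncation.
function totp(string $secretB32, int $time, int $step = 30, int $digits = 6): string {
    $counter = pack('J', intdiv($time, $step));       // 64-bit big-endian
    $h = hash_hmac('sha1', $counter, base32Decode($secretB32), true);
    $o = ord($h[19]) & 0x0f;
    $code = ((ord($h[$o]) & 0x7f) << 24) | (ord($h[$o + 1]) << 16)
          | (ord($h[$o + 2]) << 8) | ord($h[$o + 3]);
    return str_pad((string) ($code % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

function verifyTotp(string $secretB32, string $submitted, int $now): bool {
    foreach ([-1, 0, 1] as $skew) {                   // allow one step of clock drift
        if (hash_equals(totp($secretB32, $now + $skew * 30), $submitted)) { return true; }
    }
    return false;
}

// Point 4: what the QR code encodes; pass this string to a QR library.
function otpauthUri(string $username, string $secretB32): string {
    return 'otpauth://totp/' . rawurlencode('ExampleApp:' . $username)
         . '?secret=' . $secretB32 . '&issuer=ExampleApp&algorithm=SHA1&digits=6&period=30';
}

function finishTwoFactor(PDO $pdo, array $user, string $code): bool {
    if (!verifyTotp($user['totp_secret'], $code, time())) { return false; }
    if (!$user['totp_confirmed']) {
        // First valid code proves the authenticator was enrolled; after this
        // the QR code is never shown to this user again.
        $pdo->prepare('UPDATE users SET totp_confirmed = 1 WHERE id = ?')->execute([$user['id']]);
    }
    session_regenerate_id(true);
    unset($_SESSION['pending_2fa_user']);
    $_SESSION['user_id'] = (int) $user['id'];
    $_SESSION['authenticated'] = true;
    return true;
}

// Request handling for a single-file demo: step 1 is the password form,
// step 2 is the code form. A real app would split these across two pages.
if (isset($_POST['login'])) {
    $user = checkPassword(db(), $_POST['username'] ?? '', $_POST['password'] ?? '');
    if ($user === null) { echo 'The username or password is not correct'; exit; }
    startTwoFactor($user);
    header('Location: ' . $_SERVER['PHP_SELF'] . '?step=2fa'); exit;
} elseif (isset($_SESSION['pending_2fa_user'])) {
    $stmt = db()->prepare('SELECT id, username, totp_secret, totp_confirmed FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['pending_2fa_user']]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC) ?: exit('session expired');
    if (isset($_POST['code'])) {
        echo finishTwoFactor(db(), $user, $_POST['code']) ? 'logged in' : 'wrong code';
    } elseif (!$user['totp_confirmed']) {
        // First login only: hand this URI to a QR library and render the image.
        echo 'Scan this in your authenticator: ' . htmlspecialchars(otpauthUri($user['username'], $user['totp_secret']));
    } else {
        echo 'Enter the code from your authenticator';
    }
}
```

The `totp_confirmed` column is the whole answer to "show the QR code only the first time": it stays `0` until the user proves they scanned the secret by submitting one valid code, so an interrupted first login still gets the QR code again, while a completed one never does. The secret itself is never sent to the browser after that point.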