Here is my authenticate.php, this is the page users are routed to after pressing the submit button on the login screen.
if ($sql = $con->prepare('SELECT id, password FROM Users WHERE username = "' . $_POST['username'] . '"')) {
$sql->execute();
$sql->store_result();
if ($sql->num_rows != 0) {
$sql->bind_result($id, $password);
$sql->fetch();
if ($_POST['password'] === $password) {
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $_POST['username'];
$_SESSION['id'] = $id;
header('Location: studenthome.php');
} else {
// Incorrect password
echo 'Incorrect username and/or password!';
}
} else {
// Incorrect username
echo 'Incorrect username and/or password!';
}
$sql->close();
}
?>
Heres my HTML login that directs to the above php authenticate page
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>UNHM Login</title>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
<link rel="stylesheet" href="index.css"
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div >
<h1>Login</h1><img src="imgs/logo.png" alt="logo">
<!-- <form action="authenticate.php" method="post"> -->
<form action = "authenticate.php" method="POST">
<label for="username">
<i ></i>
</label>
<input type="text" name="username" placeholder="Username" id="username">
<label for="password">
<i ></i>
</label>
<input type="password" name="password" placeholder="Password" id="password">
<input type="submit" name="submit" value="Login">
</form>
</div>
</body>
</html>
When i go to insert things like ' or '1'='1 into username and password i am getting the incorrect username/password message.
CodePudding user response:
You may try to use something like
'' UNION SELECT id, 'my-password' FROM Users LIMIT 1
And use my-password
as a password. Concatenated query should output the only row with some id and my-password
which will be compared against inputted one. But you will got a bit strange username at the end.