I am not very educated in PHP or Web security in general, but I strongly suspect that the code created by some software for which I work is unsafe.
Here are some snippets of what bothers me:
First problem:
$sql = "SELECT password, fullname FROM ".$mysql_table."
WHERE username = '".mysqli_real_escape_string($db,$_POST['username'])."'";
Is it wrong to get a password for a given username and then compare them in PHP, or is it better to use a password in the request itself, for example:
... WHERE username = $username AND password = $hashed_password
The second problem:
$crypt_pass = md5($_POST['password']);
if ($crypt_pass == $data['password'])
{
}
It uses md5 hashing without a salt; is that enough?
Third question:
setcookie('username', $_POST['username'], time() + 3600*24*30);
setcookie('password', $_POST['password'], time() + 3600*24*30);
Is it good to store plain-text usernames and passwords in a cookie?
Is any of this code unsafe, and if so, what should be done instead?
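Hardened counterparts to the three snippets in the question, as an added example that is not the poster's code or the product's code. It assumes an open mysqli connection in $db, a fixed table name USERS_TABLE, and a column named password_hash; all three names are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes an open mysqli connection
// $db and a fixed, trusted table name (USERS_TABLE is an assumption).
const USERS_TABLE = 'users';

// 1. Prepared statement: the username is a bound parameter, never spliced
//    into the SQL text. Fetching the stored hash and verifying it in PHP is
//    the right shape, since a salted hash cannot be matched in a WHERE clause.
function fetchUser(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare(
        'SELECT password_hash, fullname FROM ' . USERS_TABLE . ' WHERE username = ?'
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// 2. password_hash()/password_verify() instead of unsalted md5: each hash
//    carries its own random salt and uses a deliberately slow algorithm.
function hashForStorage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function checkLogin(mysqli $db, string $username, string $password): ?string
{
    $row = fetchUser($db, $username);
    // Verify against a throwaway hash when the user is unknown, so a missing
    // account does not return noticeably faster than a wrong password.
    $hash = $row['password_hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
    return ($row !== null && password_verify($password, $hash)) ? $row['fullname'] : null;
}

// 3. No credentials in cookies: keep the login state in a server-side session
//    and send only the session id, marked Secure, HttpOnly and SameSite.
function startAuthenticatedSession(string $username): void
{
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Strict',
    ]);
    session_start();
    session_regenerate_id(true); // drop any session id issued before login
    $_SESSION['username'] = $username;
}
```

Store hashForStorage() output at registration, and on login call startAuthenticatedSession() only when checkLogin() returns a name; existing md5 rows can be re-hashed on the user's next successful login.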