Home/ Questions/Q 7177893
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T16:48:32+00:00

On my website I have a user login system, when they login they are

  • 0

On my website I have a user login system, when they login they are taken to their profile page, which is deism ate by their uid. The thing is, there was nothing to stop a user just changing the uid and going to someone else’s profile and Acting as them. To stop this I implemented a URL/MySQL system by which if the uid of the user is not the uid in the URL, they are redirected to their own profile. The problem here is that on the profile there are forms which change the URL, in doing so removing the uid query, resulting in the page (because the uid is missing) taking you to your profile and ignoring the form input.

The code is: 

<?php
mysql_connect ('x', 'x', 'x');
mysql_select_db ('x');

if(isset($_COOKIE['wd_un'])) {
    $un = $_COOKIE['wd_un'];
    $pass = $_COOKIE['wd_pass'];

    $cook = "SELECT * FROM x WHERE username = '$un' AND password = '$pass' limit 1";
    $cookr = mysql_query($cook) or die (mysql_error());
        if(mysql_num_rows($cookr) == 0) {
            header ("Location: index.php");
        }
        else {
            $urluid = mysql_real_escape_string($_GET['uid']);
            $uidcheck = "SELECT * FROM x WHERE username = '$un' AND password = '$pass'";
            $uidcheckq = mysql_query($uidcheck) or die (mysql_error());
            while($rcu = mysql_fetch_assoc($uidcheckq)) {
                $dbuid = $rcu['uid'];
                        if($urluid != $dbuid) {
                            header ("location: home.php?uid=$dbuid");
                        }
                        else {
                        }
            }
        }
    }
mysql_close();
?>

Is there a work around?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    This code block you have here is riddled with badness.

    First, you should absolutely never store a user’s password in a cookie.
    You SHOULD store only a session ID in the cookie, then store the rest of the session data in a session table in your DB that contains the user’s id and any other things that you may want to have basic access to… password should not be in this table either.

    Now, you can use the user_id in the URL safely cause the cross reference will keep people out.

    on load of course you cross reference the mysql result from your session table that was pulled based on your cookie id. Obviously boot them if they don’t match.

    As for your form redirecting, you need to restructure how you handle posting then. You can make your profile page always pull only the profile related to the session id in your cookie. That would remove the dependency on URL and solve this problem completely.

    Also – Please look into mysql_real_escape_string() to sanitize your inputs. It is incredibly dangerous to blindly accept cookie info for a mysql query. Unless you really do aim to leave huge injection holes in your site.

    • 0