Add secure version of the website

netlight · Jan 14, 2017 · 87bd0d6 · 87bd0d6
1 parent 6217191
commit 87bd0d6
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 14 deletions.
diff --git a/secure/db/config.php b/secure/db/config.php
@@ -3,7 +3,7 @@
    // The DB credentials should not be be stored in source control, but they are include here to provide a complete example.  
    define('DB_USERNAME', 'sec_user');
    define('DB_PASSWORD', 'DgWWTcq!SfjP49Xr');
-   define('DB_DATABASE', 'security_challenge');
+   define('DB_DATABASE', 'security_challenge_secure');
    $db = new mysqli(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
    $db->set_charset("utf8");
 ?>
diff --git a/secure/db/security_challenge.sql b/secure/db/security_challenge.sql
@@ -17,10 +17,10 @@ SET time_zone = "+00:00";
 /*!40101 SET NAMES utf8 */;
 
 --
--- Database: `security_challenge`
+-- Database: `security_challenge_secure`
 --
-CREATE DATABASE IF NOT EXISTS `security_challenge` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
-USE `security_challenge`;
+CREATE DATABASE IF NOT EXISTS `security_challenge_secure` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+USE `security_challenge_secure`;
 
 -- --------------------------------------------------------
 
@@ -88,7 +88,7 @@ CREATE TABLE IF NOT EXISTS `users` (
 --
 
 INSERT INTO `users` (`id`, `username`, `password`) VALUES
-(1, 'admin', 'Welc0meT0NetlightEdgeC0nferenceInSt0ckh0lm!');
+(1, 'admin', '$2y$10$U1CgqDD8Y4VK5EFoF5H48.hHjNc2kQIjAMLGU1fj9Dsf.iOhn.y4W');
 
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
@@ -97,6 +97,6 @@ INSERT INTO `users` (`id`, `username`, `password`) VALUES
 --
 -- Create database user
 --
-GRANT SELECT ON `security_challenge`.* TO 'sec_user'@'localhost';
+GRANT SELECT ON `security_challenge_secure`.* TO 'sec_user'@'localhost';
 SET PASSWORD FOR 'sec_user'@'localhost' = '*D8D83CD772490A5A5E41D880C313D3AE8C95EB3E';
 FLUSH PRIVILEGES;
diff --git a/secure/index.php b/secure/index.php
@@ -5,14 +5,15 @@
 	if (isset($_POST['username']) and isset($_POST['password'])) {
 		$username = $_POST['username'];
 		$password = $_POST['password'];
-		$query = "SELECT id FROM users WHERE password = '$password' AND username = '$username'";
-		$result = $db->query($query);
+		$stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
+		$stmt->bind_param('s', $username);
+		$stmt->execute();
+		$result = $stmt->get_result();
 		if (!$result) {
 			$error = $db->error;
 		} else {
-			$count = $result->num_rows;
-			// If result matched $username and $password, $count must be 1
-			if ($count == 1) {
+			$row = $result->fetch_assoc();
+			if (password_verify($password, $row['password'])) {
 				$_SESSION['current_user'] = $username;
 				header("location: welcome.php");
 			} else {

diff --git a/secure/welcome.php b/secure/welcome.php
@@ -2,11 +2,13 @@
 	include('session.php');
 	if (isset($_POST['search'])) {
 		$searchInput = $_POST['search'];
-		$query = "SELECT city, address, phone FROM offices WHERE city LIKE '$searchInput'";
+		$stmt = $db->prepare("SELECT city, address, phone FROM offices WHERE city LIKE ?");
+		$stmt->bind_param('s', $searchInput);
 	} else {
-		$query = "SELECT city, address, phone FROM offices";
+		$stmt = $db->prepare("SELECT city, address, phone FROM offices");
 	}
-	$result = $db->query($query);
+	$stmt->execute();
+	$result = $stmt->get_result();
 	if (!$result) {
 		$error = $db->error;
 	}