diff --git a/secure/db/config.php b/secure/db/config.php
index 4dbc87e..f8413b8 100644
--- a/secure/db/config.php
+++ b/secure/db/config.php
@@ -3,7 +3,7 @@
 // The DB credentials should not be be stored in source control, but they are include here to provide a complete example.
 define('DB_USERNAME', 'sec_user');
 define('DB_PASSWORD', 'DgWWTcq!SfjP49Xr');
- define('DB_DATABASE', 'security_challenge');
+ define('DB_DATABASE', 'security_challenge_secure');
 $db = new mysqli(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
 $db->set_charset("utf8");
 ?>
\ No newline at end of file
diff --git a/secure/db/security_challenge.sql b/secure/db/security_challenge.sql
index 591fd10..6774a12 100644
--- a/secure/db/security_challenge.sql
+++ b/secure/db/security_challenge.sql
@@ -17,10 +17,10 @@ SET time_zone = "+00:00";
 /*!40101 SET NAMES utf8 */;
 --
--- Database: `security_challenge`
+-- Database: `security_challenge_secure`
 --
-CREATE DATABASE IF NOT EXISTS `security_challenge` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
-USE `security_challenge`;
+CREATE DATABASE IF NOT EXISTS `security_challenge_secure` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+USE `security_challenge_secure`;
 -- --------------------------------------------------------
@@ -88,7 +88,7 @@ CREATE TABLE IF NOT EXISTS `users` (
 --
 INSERT INTO `users` (`id`, `username`, `password`) VALUES
-(1, 'admin', 'Welc0meT0NetlightEdgeC0nferenceInSt0ckh0lm!');
+(1, 'admin', '$2y$10$U1CgqDD8Y4VK5EFoF5H48.hHjNc2kQIjAMLGU1fj9Dsf.iOhn.y4W');
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
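Review bot: The seeded admin hash on the `+(1, 'admin', '$2y$10$…')` line is 60 characters long, and the `users` table definition that has to hold it is outside this hunk; confirm the `password` column is at least VARCHAR(60) — the PHP manual recommends VARCHAR(255) so `PASSWORD_DEFAULT` can move to a longer algorithm without a schema change. A silently truncated hash would make every login fail in `password_verify` with no error from the seed script. If this hash was generated from the same credential the removed line committed in plaintext, that password remains readable in repository history, so it should be rotated rather than merely hashed.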
@@ -97,6 +97,6 @@ INSERT INTO `users` (`id`, `username`, `password`) VALUES
 --
 -- Create database user
 --
-GRANT SELECT ON `security_challenge`.* TO 'sec_user'@'localhost';
+GRANT SELECT ON `security_challenge_secure`.* TO 'sec_user'@'localhost';
 SET PASSWORD FOR 'sec_user'@'localhost' = '*D8D83CD772490A5A5E41D880C313D3AE8C95EB3E';
 FLUSH PRIVILEGES;
\ No newline at end of file
diff --git a/secure/index.php b/secure/index.php
index 348d3f6..1ffcc76 100644
--- a/secure/index.php
+++ b/secure/index.php
@@ -5,14 +5,15 @@ if (isset($_POST['username']) and isset($_POST['password'])) {
 $username = $_POST['username'];
 $password = $_POST['password'];
- $query = "SELECT id FROM users WHERE password = '$password' AND username = '$username'";
- $result = $db->query($query);
+ $stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
+ $stmt->bind_param('s', $username);
+ $stmt->execute();
+ $result = $stmt->get_result();
 if (!$result) {
 $error = $db->error;
 } else {
- $count = $result->num_rows;
- // If result matched $username and $password, $count must be 1
- if ($count == 1) {
+ $row = $result->fetch_assoc();
+ if (password_verify($password, $row['password'])) {
 $_SESSION['current_user'] = $username;
 header("location: welcome.php");
 } else {
diff --git a/secure/welcome.php b/secure/welcome.php
index ce3238c..636d17b 100644
--- a/secure/welcome.php
+++ b/secure/welcome.php
@@ -2,11 +2,13 @@ include('session.php');
 if (isset($_POST['search'])) {
 $searchInput = $_POST['search'];
- $query = "SELECT city, address, phone FROM offices WHERE city LIKE '$searchInput'";
+ $stmt = $db->prepare("SELECT city, address, phone FROM offices WHERE city LIKE ?");
+ $stmt->bind_param('s', $searchInput);
 } else {
- $query = "SELECT city, address, phone FROM offices";
+ $stmt = $db->prepare("SELECT city, address, phone FROM offices");
 }
- $result = $db->query($query);
+ $stmt->execute();
+ $result = $stmt->get_result();
 if (!$result) {
 $error = $db->error;
 }
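Review bot: `$row = $result->fetch_assoc();` returns null when no user matches, so the following line reads `$row['password']` on null and passes null to `password_verify`; on recent PHP that raises a warning and a deprecation, and because bcrypt is skipped entirely the unknown-user path answers measurably faster than a wrong-password path, which lets an attacker enumerate valid usernames by timing. Verify against a fixed dummy hash when no row is found, e.g. `$hash = $row['password'] ?? DUMMY_HASH;` followed by `if ($row !== null && password_verify($password, $hash)) {`, where DUMMY_HASH is a bcrypt hash generated once with `password_hash` and stored as a constant. Separately, `$_SESSION['current_user'] = $username;` is set without a preceding `session_regenerate_id(true);`, so the session ID issued before login stays valid after authentication (session fixation). Also note that `$db->prepare()` returns false on failure, which the unchecked `$stmt->bind_param` call does not handle, and that statement errors surface on `$stmt->error`, not the `$db->error` the context line reads. The enclosing `if (isset($_POST['username']) …)` block and any `session_start()` call begin outside the hunk.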
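Review bot: The value bound on the `+ $stmt->bind_param('s', $searchInput);` line still reaches `LIKE` with its metacharacters intact, so a user can submit `%` or `_` to match every office row; that is a wildcard-injection rather than SQL-injection concern, but if a literal city match is intended, escape first with `$searchInput = addcslashes($_POST['search'], '\\%_');` or change the predicate to `city = ?`. `$db->prepare()` returns false on a malformed statement, and both branches then call `bind_param`/`execute` on false, which on PHP 8 is a fatal `Error` rather than reaching the `$error` branch below; test `$stmt === false` before using it and read `$stmt->error` rather than `$db->error` for execution failures. The included `session.php` and the rendering of `$result` are outside the hunk.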