I write a login page and a checking page in php. On my local machine it work, but on the server it doesn’t (if it matter I’m on Windows and the server is on Linux).
Here is the code in the checking page:
$user = $_POST['userName'];
$pass = $_POST['pass'];
$saltSQL = 'SELECT salt FROM agents WHERE name="' . $user . '"';
$saltResult = mysql_fetch_array(mysql_query($saltSQL));
$salt = $saltResult['salt'];
$passToCheck = hash('sha512', $salt + $pass);
$rowAgent = mysql_fetch_array(mysql_query('SELECT * FROM agents WHERE name ="' . strtolower($user) . '"'));
if ($rowAgent['password'] != $passToCheck) {
header("location:mainLogin.php");
exit;
}
header("location:selectamount_new.php");
The strange thing is that when I enter something with letters to the password input the system let my in (no matter what), and when I enter just numbers the system will check the password correctly and will not let me in (will redirect me to mainLogin.php and not to selectamount_new.php).
Again on my local machine it’s works just fine, the problem is that when I push the code to Linux machine (AWS) with Git.
Advertisement
Answer
The problem is at $salt + $pass. This is not concatenation, is + operator, like in math. So string + string = nothing, that means every password will match. number + string = number, that is why with numbers this works. You should use here the . operator, that means the concatenation.
Anyway, if you don’t proof against SQL injection, anyone will be able to login in your site, regardless of this fix.