insecure-php-application-fo.../login.php

<?php
    require 'includes/common.php';

    if (isset($_SESSION['id'])) {
        header('Location: ./user.php');
        exit;
    }

    if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
        header('Location: ./');
        exit;
    }
    
    $username = $_REQUEST['username'];
    $password = $_REQUEST['password'];

    $con = connect();
    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";

    $getUser = mysqli_query($con, $sql);

    if (!$getUser) {
        header('Location: ./');
        exit;
    }

    $user = mysqli_fetch_assoc($getUser);

    $_SESSION['id'] = $user['id'];
    header('Location: ./');
    exit;
?>
Legg til login POST side 2019-11-14 09:10:36 +01:00			`<?php`
			`require 'includes/common.php';`

			`if (isset($_SESSION['id'])) {`
			`header('Location: ./user.php');`
			`exit;`
			`}`

Fix 2019-11-18 11:30:22 +01:00			`if (!isset($_REQUEST['username'], $_REQUEST['password'])) {`
Legg til login POST side 2019-11-14 09:10:36 +01:00			`header('Location: ./');`
			`exit;`
			`}`

Fix 2019-11-18 11:30:22 +01:00			`$username = $_REQUEST['username'];`
			`$password = $_REQUEST['password'];`
Legg til login POST side 2019-11-14 09:10:36 +01:00
			`$con = connect();`
Fix 2019-11-18 11:30:22 +01:00			`$sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";`

			`$getUser = mysqli_query($con, $sql);`

			`if (!$getUser) {`
			`header('Location: ./');`
			`exit;`
			`}`

Legg til login POST side 2019-11-14 09:10:36 +01:00			`$user = mysqli_fetch_assoc($getUser);`

			`$_SESSION['id'] = $user['id'];`
Fix 2019-11-18 11:30:22 +01:00			`header('Location: ./');`
Legg til login POST side 2019-11-14 09:10:36 +01:00			`exit;`
			`?>`