Practical exploitation of rounding vulnerabilities in internet banking applications
INTERNET APPLICATION DEVELOPMENT Practical on Sessions.
-
Upload
laura-carter -
Category
Documents
-
view
220 -
download
2
Transcript of INTERNET APPLICATION DEVELOPMENT Practical on Sessions.
INTERNET APPLICATION DEVELOPMENT
Practical on Sessions
• During this session,• we will write a script for logging a user to passwored
protected system.• We will create the appropriate tables to store users’ data
permanently. • We will use php session to store the information which is
needed temporarily.
• First, we should think about the table.• Create the needed table.• For example the following table would be sufficient for this
situation:
• The above table can be created through php as follow:
User_name Password Name
<?php$con = mysql_connect("localhost","moh","1414"); if (!$con){die('Could not connect: ' . mysql_error()); } // Create database if you dont have oneif (mysql_query("CREATE DATABASE se_DB",$con)){ echo "Database created";}else{echo "Error creating database: " . mysql_error();}
mysql_select_db(« se_DB", $con);
$sql = "CREATE TABLE users( user_name varchar(25), password varchar(15))"; name varchar(15),// Execute querymysql_query($sql,$con);
mysql_query("INSERT INTO users(user_name, password, name) VALUES (‘ssss', ‘0000‘,’khalid’)");mysql_close($con); ?>
• After creating the table and insertting some data, we will start thinking about the web page which will allow the user to type his credential details. This could be as the following page:
• Note: we have used the form tag to pass the user name and password to the next page as stated in the action attribute.
<html><body bgcolor="#E6E6FA"><form action="http://localhost/logIn.php" method="post">user name: <input type="text" name="fname" /><br/>password: <input type="password" name="fpass" /><br/><input type="submit" value="submit"/></form></body></html>
The log in web page• The above page will send the user name and password to login.php
web page. So,this page should check the submitted data. if the user name and password are correct , the user should be directed to the home page.
<?php// getting the user name and password from the first page$usern= $_POST["fname"];$pass= $_POST["fpass"];
$con = mysql_connect("localhost","moh","1414"); if (!$con){die('Could not connect: ' . mysql_error());}mysql_select_db("project_DB", $con);// now we will select the rows from the table which have the same username and password$sql="SELECT * FROM users WHERE user_name='$usern' and password='$pass'";$result=mysql_query($sql);
• Note: if the user is legal user, we will create a session and store his name in the session to retreive it later from different page without connecting to the database again.
// mysql_num_row is used to count the number of rows in the result
$count=mysql_num_rows($result);
// If result matched $myusern and $pass, the resultset must be 1 row
if($count==1){session_start();// find the name of user from the result that you got from the database// we use the mysql_fetch_array() function to return the first row from the recordset as an array.$row = mysql_fetch_array($result);
// store the name in the session array$_SESSION['full_name']=$row['name'];// create a key regitered in the session array to track the registered user later$_SESSION['registered']="yes";// direct the user to the protected page.header("location:home.php");}else {header("location:first.php");}?>
The protected page • Now, we will create the protected web page.• This page should check whether there is a session or not.• If there is a session, it means that the user has registered
in and it will display the page. If not it will direct the user to the first page to log in.
• Next practical, how to destroy the session and where?
<?phpsession_start();
if(isset($_SESSION['registered'])){echo « you are in protected page« ; }elseheader("location:first.php")?>