tags:

views:

42

answers:

2
if (isset($_POST['login'])){
$query = mysql_query("SELECT id FROM users 
          WHERE username = '".mysql_real_escape_string($_POST['username'])."' 
          AND password = '".mysql_real_escape_string($_POST['password'])."'");

/* wrong login information? redirect to error message */
if (mysql_num_rows($query) == 0){
header("Location: error.php");
exit;
}

/* set session with unique index */
$_SESSION['id'] = mysql_result($query, 0, 'id');
mysql_query("UPDATE users SET last_login = NOW(), _last_ip = '".$_SERVER['REMOTE_ADDR']."' WHERE id = '{$_SESSION['id']}'");
header("Location: welcome.php");
exit;
}

/* if logout, destroy session */
if (isset($_GET['logout'])){
mysql_query("UPDATE users SET online = '0' WHERE id = '{$_SESSION['id']}'");
session_unset();
session_destroy();
header("Location: index.php");
exit;
}

This works but if you leave username and password inputs empty, it log in too :/ I found it this script on a site.

How can I fix this hole?

+1  A: 

Look in your users table. Apparently there is a user with a blank user name and blank password.

Chris Lively
+1  A: 

Seems there is a valid entry with empty username and password in the database.

Delete that entry and add an explicit check for empty username.

Quassnoi