secured password storage

CHANGELOG.md

@@ -1,18 +1,5 @@
 # Changelog
 
-## [1.0.0] - Initial Commit
-- [https://github.com/fobybus/social-media-skeleton] Add the initial version of the Social Media Skeleton application.
-
-## [1.0.1] - Bug Fixes
-### Fixed
-- [Issue ] Addressed a critical SQL injection vulnerability that could compromise data security.
-
-### Affected Files
-- social-media-skeleton/admin/atask/add.php
-- social-media-skeleton/admin/atask/setting.php
-- social-media-skeleton/admin/login.php
-- social-media-skeleton/tasks/updatels.php
-
 ## [1.0.2]
 ### Fixed
 - fixed idor bug in updatels.php 
@@ -29,3 +16,23 @@
 
  ### feature added 
  added adminlogin link to login navigation bar  
+
+***************
+
+ ## [1.0.1] - Bug Fixes
+### Fixed
+- [Issue ] Addressed a critical SQL injection vulnerability that could compromise data security.
+
+### Affected Files
+- social-media-skeleton/admin/atask/add.php
+- social-media-skeleton/admin/atask/setting.php
+- social-media-skeleton/admin/login.php
+- social-media-skeleton/tasks/updatels.php
+
+*********************
+
+## [1.0.0] - Initial Commit
+- [https://github.com/fobybus/social-media-skeleton] Add the initial version of the Social Media Skeleton application.
+
+
+

admin/atask/add.php

@@ -33,17 +33,46 @@
     exit();
   }
   require("../../tasks/condb.php");
-
+
+  //prepare 
+  $salt=generateSalt();
+  $upass=hashPass($upass,$salt);
   // Create a prepared statement to prevent SQL injection
   $query = "INSERT INTO admin (email, password) VALUES (?, ?)";
   $stmt = mysqli_prepare($dbcon, $query);
   mysqli_stmt_bind_param($stmt, "ss", $uemail, $upass);
   $result = mysqli_stmt_execute($stmt);
-
+  mysqli_stmt_close($stmt);
   if($result)
   {
-    echo("<p style='color:green;position:absolute;left:250px;top:70px'> successfully added $uemail</p>");
-    $dbcon->close();
+    //GET Id 
+    $query="select admin_id from admin where email=?";
+    $stmt = mysqli_prepare($dbcon, $query);
+    mysqli_stmt_bind_param($stmt, "s", $uemail);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+    if($result->num_rows!=0)
+    {
+      $row=$result->fetch_assoc();
+      $id=$row["admin_id"];
+      $query="INSERT INTO adminsalt (aid,salt) VALUES (?,?)";
+      $stmt = mysqli_prepare($dbcon, $query);
+      mysqli_stmt_bind_param($stmt, "ss", $id,$salt);
+      if(mysqli_stmt_execute($stmt))
+      {
+
+        echo("<p style='color:green;position:absolute;left:250px;top:70px'> successfully added $uemail</p>");
+        $dbcon->close();
+      } else {
+        echo("<p style='color:green;position:absolute;left:250px;top:70px'> error occured</p>");
+      }
+
+
+    } else {
+      echo("<p style='color:green;position:absolute;left:250px;top:70px'>error occured while registering admin  </p>");
+    }
+
+
   }  else {
   echo("some thing want wrong please try again!");
   $dbcon->close();

admin/atask/setting.php

@@ -1,6 +1,7 @@
 <!-- drop in and out of the PHP context -->
 <?php  
 session_start();
+require("../../tasks/passw.php");
 if(!isset($_SESSION["aid"]))
 {
 	header("location:../adminlogin.html");
@@ -28,12 +29,13 @@
 	{
 	$pchanged=true;
 	$newpass=$_POST['password'];
+	$newpass=hashPass($newpass,$_SESSION["salt"]);
 	} 
 	if(isset($_POST['oldpass']) && $_POST['oldpass']!="")
 	{
 		$putold=true;
 		$oldpass=$_POST['oldpass'];
-
+		$oldpass=hashPass($oldpass,$_SESSION["salt"]);
 	}
 /*************************************************** */
 $id=$_SESSION["aid"];

admin/login.php

@@ -1,14 +1,15 @@
 <?php
 include("../tasks/condb.php");
+include("../tasks/passw.php");
 if(!isset($_POST["email"]))
 header("location:adminlogin.html");
 //handle the form 
 $uemail=$_POST["email"];
 $upass=$_POST["password"];
 
 // Create a prepared statement to prevent SQL injection
-$stmt = mysqli_prepare($dbcon, "SELECT * FROM admin WHERE email=? AND password=?");
-mysqli_stmt_bind_param($stmt, "ss", $uemail, $upass);
+$stmt = mysqli_prepare($dbcon, "SELECT * FROM admin left join adminsalt on admin.admin_id=adminsalt.aid WHERE email=?");
+mysqli_stmt_bind_param($stmt, "s", $uemail);
 mysqli_stmt_execute($stmt);
 $result = mysqli_stmt_get_result($stmt);
 
@@ -17,12 +18,24 @@
 {
   $rows=$result->fetch_assoc();
   $id=$rows["admin_id"];
-  session_start();
-  $_SESSION["aid"]=$id;
-  $_SESSION["password"]=$rows["password"];
- header("location:home.php");
+  $pass=$rows["password"];
+  $salt=$rows["salt"];
+  $upass=hashPass($upass,$salt);
+  //checking 
+  if($upass==$pass)
+  {
+    session_start();
+    $_SESSION["aid"]=$id;
+    $_SESSION["password"]=$pass;
+    $_SESSION["salt"]=$salt;
+   header("location:home.php");
+  } else {
+    echo "<p style='color:red;text-align:center;font-size:20px;'> incorrect password   </p>";
+   require('adminlogin.html');
+  }
+
 }  else {
-    echo "<p style='color:red;text-align:center;font-size:20px;'> incorrect password or email  </p>";
+    echo "<p style='color:red;text-align:center;font-size:20px;'> incorrect email  </p>";
    require('adminlogin.html');
 }
 $dbcon->close();

admin/mg.php

@@ -1,11 +1,3 @@
-<!-- drop in and out of the PHP context -->
-<!--
-<?php 
-//switching to the html
-?> 
-
--->
-
 <?php
 session_start();
 if(!isset($_SESSION["aid"]))

login.php

@@ -1,26 +1,26 @@
 <?php
+session_start();
+if(isset($_SESSION["id"]))
+{
+	header("location:user/home.php");
+}
 
-use LDAP\Result;
-
-include("tasks/condb.php");
+require("tasks/condb.php");
+require("tasks/passw.php");
 //handle the form 
 $uemail=$_POST["email"];
 $upass=$_POST["password"];
 
 //prevent sql injection 
 $uemail=mysqli_real_escape_string($dbcon,$uemail);
-$upass=mysqli_real_escape_string($dbcon,$upass);
 
 //query on database.
-$query="select * from users where email='$uemail' and password='$upass'";
+$query="select * from users left join usersalt on users.id=usersalt.uid where email='$uemail'";
 $result=mysqli_query($dbcon,$query);
-
 //check if there is a match 
 if($result->num_rows>0)
 {
-
-
-  //fetch  id to store to 
+  //fetch  some data
   $row=$result->fetch_assoc();
   $id=$row["id"];
   $lname=$row['lname'];
@@ -32,9 +32,13 @@
   $pas=$row["password"];
   $edu=$row["edu"];
   $joined=$row["joined"];
-
-  //session start
-  session_start();
+  $salt=$row["salt"];
+
+  //checking 
+  $upass=hashPass($upass,$salt);
+  if($upass==$pas)
+  {
+      //session start
   $_SESSION['email']=$email;
   $_SESSION["id"]=$id;
   $_SESSION["fname"]=$fname;
@@ -45,31 +49,30 @@
   $_SESSION["password"]=$pas;
   $_SESSION["edu"]=$edu;
   $_SESSION["joined"]=$joined;
+  $_SESSION["salt"]=$salt;
   ////////////////////////////
-
   //update last seen
   ////////////////////////////
   $sessionID =   session_id();
   session_write_close();
-
   $chandler=curl_init();
   $url=$_SERVER['SERVER_NAME']."/social-media-skeleton/tasks/updatels.php?email=$uemail";
   curl_setopt($chandler,CURLOPT_URL,$url);
   curl_setopt($chandler, CURLOPT_HTTPHEADER, array("Cookie:".'PHPSESSID=' . $sessionID));
   curl_setopt($chandler,CURLOPT_RETURNTRANSFER,false);
   curl_exec($chandler);
   curl_close($chandler);
-
-$dbcon->close();
   header("location:user/home.php");
-    exit;
+  } else {
+    echo "<p style='color:red;text-align:center;font-size:20px;'> Incorrect Attempt! </p>";
+    require('login.html');
+  }
+
 }  else {
-  $dbcon->close();
-    echo "<p style='color:red;text-align:center;font-size:20px;'> incorrect password or email  </p>";
+    echo "<p style='color:red;text-align:center;font-size:20px;'> Email doesn't exist </p>";
    require('login.html');
-    exit();
 }
-
+$dbcon->close();
 ?>
 
 

signup.php

@@ -1,8 +1,9 @@
 <?php
 include("tasks/condb.php");
+include("tasks/passw.php");
 //handle the form 
 $uemail=htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8');
-$upass=htmlspecialchars($_POST["password"], ENT_QUOTES, 'UTF-8');
+$upass=$_POST["password"];
 $ufname=htmlspecialchars($_POST["fname"], ENT_QUOTES, 'UTF-8');
 $ulname=htmlspecialchars($_POST["lname"], ENT_QUOTES, 'UTF-8');
 $ugender=htmlspecialchars($_POST['gender'], ENT_QUOTES, 'UTF-8');
@@ -29,15 +30,34 @@
 //if available 
 if($result->num_rows==0)
 {
+//
+$salt=generateSalt();
+$upass=hashPass($upass,$salt);
 //insert to database.
 $query="insert into users (email,password,fname,lname,gender,bday,edu,city,last_seen,joined) values('$uemail','$upass','$ufname','$ulname','$ugender','$ubdate','$uelevel','$ucity','$lseen','$lseen')";
 $result=mysqli_query($dbcon,$query);
 //if successfully inseerted true 
 if($result==true)
 {
-    echo("you have successfully registered,login now");
-    require('login.html');
-    exit();
+    //get id 
+    $query="select * from users where email='$uemail'";
+    $result=mysqli_query($dbcon,$query);
+    if($result->num_rows!=0)
+    {
+        $row=$result->fetch_assoc();
+        $i=$row["id"];
+        //save sal
+        $query="insert into usersalt (uid,salt) values ('$i','$salt')";
+        $result=mysqli_query($dbcon,$query);
+        if($result==true)
+        echo("you have successfully registered,login now");
+        else 
+        echo("something went wrong!");
+        require('login.html');
+    } else {
+        echo("something went wrong!");
+    }
+
 
 } else {
     echo mysqli_error($dbcon)."<br>";
@@ -49,6 +69,7 @@
     exit();
 }
 
+$dbcon->close();
 
 
 

user/setting.php

@@ -46,15 +46,18 @@
 
 if(isset($_POST["ch-pass"]))
 {
- if($_POST['oldpass']==$_SESSION["password"] && $_POST["newpass"]==$_POST["cpass"] && $_POST["oldpass"]!=$_POST["newpass"])
+  $cpass=hashPass($_POST["cpass"],$_SESSION["salt"]);
+  $newpass=hashPass($_POST["newpass"],$_SESSION["salt"]);
+  $oldpass=hashPass($_POST["oldpass"],$_SESSION["salt"]);
+ if($oldpass==$_SESSION["password"] && $newpass==$cpass && $oldpass!=$newpass)
  {
  //hange 
 $id=$_SESSION["id"];
 $query="update users set password=? where id=$id";
 $st=$dbcon->prepare($query);
-$st->bind_param("s",$_POST["newpass"]);
+$st->bind_param("s",$newpass);
 $st->execute();
-$_SESSION["password"]=$_POST["newpass"];
+$_SESSION["password"]=$newpass;
 echo "password changed successfully!";
 } else {
   echo "something want wrong. please try again!";