Darshan Jadiye

Reputation: 241

PHP authentication security

I built a basic PHP authentication system for my web project. I just want to ask whether it is secure, because I am worried about session hijacking and SQL injection issues. The code is below.

The user form fields use the field name user_email for the email and password for the password.

PHP user validation code

<?php
session_start();

// if a user session is already set, go straight to the user home
if (isset($_SESSION['user'])) {
    header('Location: appointments.php');
    die(); // stop here; header() alone does not end the script
}

// only handle POST requests
if ($_SERVER['REQUEST_METHOD'] === "POST") {

    if (isset($_POST['user_email']) && isset($_POST['password'])) {
        // database connection file, provides $conn (PDO)
        include 'database_connection.php';

        $stmt = $conn->prepare("SELECT * FROM user WHERE email = ? AND password = ?");
        $stmt->execute([ $_POST['user_email'], $_POST['password'] ]);
        $result = $stmt->fetch(PDO::FETCH_ASSOC);
        // rowCount() is not guaranteed for SELECT statements in PDO,
        // so check whether a row was actually fetched
        if ($result !== false) {
            $_SESSION['user']            = $result['first_name'];
            $_SESSION['user_first_name'] = $result['first_name'];
            $_SESSION['user_last_name']  = $result['last_name'];
            $_SESSION['user_email']      = $result['email'];
            $_SESSION['user_contact']    = $result['contact'];
            header('Location: user_appoinment_application.php');
            die();
        } else {
            header('Location: appointments.php');
            die();
        }
    } else {
        header('Location: appointments.php');
        die();
    }
}
// request method GET (or anything other than POST)
else {
    header('Location: appointments.php');
    die();
}

For checking whether a user is authorized for particular pages, I put the following code, which checks whether the user is logged in or not, at the top of each page:

session_start();
// if the user is not logged in, send them back to the public page
if (!isset($_SESSION['user_first_name'])) {
    header('Location: appointments.php');
    die(); // stop here, otherwise the rest of the protected page is still rendered
}

I know that to prevent SQL injection attacks I should use SQL prepared statements, but I don't have proper knowledge about how to prevent session hijacking. Now I just want to know whether the above code is secure or not. Thanks in advance.

Upvotes: 0

Views: 536

Answers (1)

D. Foley

Reputation: 1024

To make it secure from session hijacking there are a couple of things you need to be aware of.

Session Side Hijacking

This is where a packet sniffer is used on a network to monitor network activity; an attacker can focus on the communication between two parties and hope to steal the session cookie this way. This can be avoided by enabling SSL everywhere on the website. Some people only use SSL on the authentication portion of the website. This isn't good enough; it needs to be everywhere on the website.

Session Fixation

This occurs when the website accepts SIDs in the URL or via POST data. A malicious user can set the session ID, typically by sending an email to a victim with the SID of their choice in the URL, e.g. http://example.com/?SID=I_WILL_GET_YOUR_ID . Now the malicious user just waits for the victim to click the link sent to him/her, and once the victim logs in the malicious user can use the aforementioned URL to hijack the session.

Cross-site Scripting

The malicious user tricks the victim into running code that appears to belong to the server, therefore allowing the malicious user to write specific code to steal the session cookie.

Conclusion

For one part using SSL across the entire site will prevent session side hijacking. The other part you have to be cautious of is the XSS exploits. I recommend looking at https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html as it has a good check list of things to think about when writing client-side code.

I hope this helps.

Upvotes: 2
