Forum Clubic

Secure script?

Hello, I would like to know whether this script is secure in your opinion (password-sending script):

$host="localhost"; // Host name 
$username="xxxxx"; // Mysql username 
$password="xxxx"; // Mysql password 
$db_name="xxxxxx"; // Database name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); 
mysql_select_db("$db_name")or die("cannot select DB");

// value sent from form 
$email_to=$_POST['email_to'];

// table name 
$tbl_name="_users"; 

// retrieve password from table where e-mail = $email_to(eeeeee@******.com) 
// note: the form value is concatenated into the query unescaped
$sql="SELECT password FROM $tbl_name WHERE email='$email_to'";
$result=mysql_query($sql);

// if found this e-mail address, row must be 1 row 
// keep value in variable name "$count" 
$count=mysql_num_rows($result);

// compare if $count =1 row
if($count==1){

$rows=mysql_fetch_array($result);

// keep password in $your_password (key must match the selected column)
$your_password=$rows['password'];
// ---------------- SEND MAIL FORM ---------------- 

// send e-mail to ...
$to=$email_to; 

// Your subject 
$subject="Your password here"; 

// From 
$header="from: zzzzz <serv@xxxxx.com>"; 

// Your message 
$messages= "Your password for login to our website \r\n";
$messages.="Your password is $your_password \r\n";
$messages.="more message... \r\n";

// send email 
$sentmail = mail($to,$subject,$messages,$header); 

// if your email successfully sent 
if($sentmail){
echo "Your Password Has Been Sent To Your Email Address.";
}
else {
echo "Cannot send password to your e-mail address";
}

}

// else if $count not equal 1 
else {
echo "Not found your email in our database";
}

OK, I understand why an SQL injection is possible:

If we do: SELECT password FROM members WHERE email='' OR name='admin'

We get the admin's password... And the same for all the other members. How can this be prevented? (and all the other flaws, if there are any others)

Hi,

Replace:

$email_to=$_POST['email_to'];

With:

$email_to = mysql_real_escape_string($_POST['email_to']);

If you want more info, go here: fr2.php.net…

Problem solved!: www.newthinktank.com…

Thanks anyway :)
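Added example, not part of the thread or any poster's code: the same lookup done with a PDO prepared statement (the mysql_* functions used above were removed in PHP 7.0), and a one-time reset token issued instead of mailing the stored password. The `users` table layout, its column names and the `example.test` addresses are assumptions, and the in-memory SQLite database holds constructed data so the script runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns a reset token for a known address, else null.
function requestPasswordReset(PDO $pdo, string $emailRaw): ?string
{
    // Accept only one well-formed address; this also keeps CR/LF out of mail().
    $email = filter_var($emailRaw, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Placeholder binding: the value travels separately from the SQL text,
    // so quotes inside it cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null;
    }
    // Issue a random one-time token and store only its hash with an expiry.
    $token = bin2hex(random_bytes(32));
    $upd = $pdo->prepare(
        'UPDATE users SET reset_hash = :h, reset_expires = :e WHERE id = :id'
    );
    $upd->execute([
        ':h'  => hash('sha256', $token),
        ':e'  => time() + 3600,
        ':id' => $id,
    ]);
    return $token;
}

// Constructed demo data (assumed schema, not the poster's database).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT,
            password_hash TEXT, reset_hash TEXT, reset_expires INTEGER)');
$ins = $pdo->prepare('INSERT INTO users (name, email, password_hash) VALUES (?, ?, ?)');
$ins->execute(['admin', 'admin@example.test',
               password_hash('constructed-pw', PASSWORD_DEFAULT)]);

// Constructed inputs: a known address, the thread's injection string, an unknown address.
foreach (['admin@example.test', "' OR name='admin", 'nobody@example.test'] as $input) {
    $token = requestPasswordReset($pdo, $input);
    // A real handler would mail a link carrying $token and show the same
    // message in every case, so the form does not reveal which addresses exist.
    printf("%-22s token issued: %s\n", $input, $token === null ? 'no' : 'yes');
}
```

Because the table stores `password_hash` rather than the password itself, there is nothing readable to mail out even if a query were ever subverted.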