Question: Identify at least two different security vulnerabilities in the code. Explain the vulnerabilities youve found and explain how they could be exploited and how youd

Identify at least two different security vulnerabilities in the code. Explain the vulnerabilities youve found and explain how they could be exploited and how youd fix them.

// Define variables and initialize with empty values $username = $password = ""; $username_err = $password_err = "";

// Processing form data when form is submitted if($_SERVER["REQUEST_METHOD"] == "POST"){

// Check if username is empty if(empty(trim($_POST["username"]))){ $username_err = 'Please enter username.'; } else{ $username = trim($_POST["username"]); }

// Check if password is empty if(empty(trim($_POST['password']))){ $password_err = 'Please enter your password.'; } else{ $password = trim($_POST['password']); }

// Validate credentials if(empty($username_err) && empty($password_err)){ // Prepare a select statement $sql = "SELECT username, password FROM users WHERE username = ?";

if($stmt = mysqli_prepare($link, $sql)){ // Bind variables to the prepared statement as parameters mysqli_stmt_bind_param($stmt, "s", $param_username);

// Set parameters $param_username = $username;

// Attempt to execute the prepared statement if(mysqli_stmt_execute($stmt)){ // Store result mysqli_stmt_store_result($stmt);

// Check if username exists, if yes then verify password if(mysqli_stmt_num_rows($stmt) == 1){ // Bind result variables mysqli_stmt_bind_result($stmt, $username, $hashed_password); if(mysqli_stmt_fetch($stmt)){ if(password_verify($password, $hashed_password)){ /* Password is correct, so start a new session and save the username to the session */ openlog('Lab4c', LOG_NDELAY, LOG_USER); syslog(LOG_NOTICE, "Valid login"); session_start(); $_SESSION['username'] = $username; header("location: welcome.php"); } else{ // Display an error message if password is not valid $password_err = 'The password you entered was not valid.'; openlog('Lab4c', LOG_NDELAY, LOG_USER); syslog(LOG_ERR, "Invalid credentials") } } } else{ // Display an error message if username doesn't exist $username_err = 'No account found with that username.'; } } else{ echo "Oops! Something went wrong. Please try again later."; } }

// Close statement mysqli_stmt_close($stmt); }

// Close connection mysqli_close($link); } ?>

Login

Login

Please fill in your credentials to login.

" method="post">

Don't have an account? Sign up now.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

I received answers to these questions but they were wrong and I failed. Attached are the questions again. The underlines/Highlighted are the answers I have which apparently are not all correct,...

Q:

Let A, B be sets. Define: (a) the Cartesian product (A B) (b) the set of relations R between A and B (c) the identity relation A on the set A [3 marks] Suppose S, T are relations between A and B, and...

Q:

The report says the breach compromised the data of nearly 9.7 million Canadians. The accounts included seven million based in Quebec, said Diane Poitras, the president of Quebec's Commission d'accs...

Q:

Question after backround info highlight question in new picture Background Information ABC Co. sells various furniture purchased from manufacturers to retailers across Canada. Purchases When...

Q:

Hi, I am requesting your help. I am trying to figure how to do with building a business plan. This course-related in Managerial Accounting about the business plan. I appreciated and help me to...

Q:

1 . Explain Figure 1 : Organization - wide Risk Management Approach. 2 . Briefly explain two of the items from the preparation list. 3 . Provide a reason why you think the risk decisions at Levels 1...

Q:

This assignment is aimed at assessing your understanding of the notion of quality and different measuring techniques that we can use to evaluate product quality in software testing. Give answers to...

Q:

A new version of the operating system is being planned for installation into your departments production environment. What sort of testing would you recommend is done before your department goes live...

Q:

******ebook converter DEMO Watermarks******* ******ebook converter DEMO Watermarks******* ******ebook converter DEMO Watermarks******* ******ebook converter DEMO Watermarks******* Also by Marcus...

Q:

Chapter 10 Business Process and Information Systems Development \"Jeff, we clean the clubhouse restrooms twice a day . . . in the morning before 7 and again just before lunch. We've been doing that...

Q:

What were the key factors that contributed to the outbreak of the American Civil War in 1861?

Q:

Let T: V W be a linear transformation between finite-dimensional vector spaces and let B and C be bases for V and W, respectively. Show that the matrix of T with respect to B and C is unique. That...

Q:

Ablobs Paintho Department has budgeted monthly manufacturing ovehad cost of SP 4 0 , 0 0 0 phas $ 3 per dirsct inbor hour. II a fextio budgot neport relacts $ 1 , 0 4 4 , 0 0 0 for totel budpeted...

Q:

Cu les son las implicaciones te ricas de las simulaciones de din mica molecular para dilucidar los fen menos de transporte de fluidos y part culas en medios porosos, centr ndose en los mecanismos de...

Q:

7. Explain why retirees may be valuable as part-time employees.

Q:

3. Provide advice on how to help a plateaued employee.

Q:

4. Develop policies to help employees and the company avoid technical obsolescence.