Hello, I am trying to make an account activation page, but when I try to activate an account it works one out of two times. So basically my activation link uses the user's id, which is encoded with base64_encode(), and the user's pass, which is encoded with crypt (SHA-512). My code on the registration page looks like this:

    $qry = "SELECT * FROM users WHERE username='$username'"; // $username goes into the query unescaped (see the SQL injection comments below)
    $res = mysql_query($qry);
    $row = mysql_fetch_row($res);
    $userid = $row[0];   // gets the id of the user
    $userpass = $row[2]; // gets the pass from the database (already hashed with crypt)
    $userid = base64_encode($userid); // encodes userid
    $code = substr($userpass, 6, strlen($userpass) - 6); // cuts off the $6$xx$ prefix (method and salt) which crypt needs
    $message = "here is some message and then the link\n"
        . "http://www.xxx.be/forum/confirm.php?userid=" . $userid . "&code=" . $code;

    mail($email, "xxx registration confirmation", $message, "From:NoReply@xxx.be");

This is the code I use in confirm.php:

    $userid = base64_decode($_GET['userid']);
    $qry = "SELECT * FROM users WHERE id='$userid'";
    $res = mysql_query($qry);
    $row = mysql_fetch_row($res);
    if ($userid % 2 == 0) {
        $pass = substr($row[2], 0, strlen($row[2]) - 1); // drops the last character of the stored hash
    } else {
        $pass = $row[2];
    }
    if ($pass == "$6$10$" . $_GET['code']) { // "$6$10$" is the prefix cut off on the registration page
        $qry = "UPDATE users SET activated=1 WHERE id=$userid";
        $res = mysql_query($qry);
    }

So here comes my problem (lines 5-9 in confirm.php): I don't see why I had to do this. Every time I made an account it only worked if the userid was odd. If it was even it added a dot to the password. So something like this:

    userid:1 password:something
    userid:2 password:stackoverflow.

So that's why the $pass didn't match the "$6$10$".$_GET['code'] and the whole code failed. I totally have no clue why it adds the dot when my userid is 0. PS: lines 5-9 in confirm.php solved that problem, but I just want to know why it did that.

Edit: please read the whole post before answering.

jannes braet
    Your code is vulnerable to SQL injection. Please move away from using the old `mysql_*` functions, and switch to parameterised queries in MySQLi or PDO. – Polynomial Jun 08 '12 at 10:45
  • _"so here comes my problem: [...] everytime i made an account it only worked if the userid was odd. if it was even it added a dot to the password. "_ Then show the code that stores a user. – CodeCaster Jun 08 '12 at 11:04
  • So, what is the intent of `if ($userid%2==0)`? I'm not quite getting what you're trying to do there, but it is likely to be the source of your issue with odd/even user IDs. – halfer Jun 08 '12 at 11:07
  • No, it's not the issue, it's the solution.... If I remove that it doesn't work anymore and I don't see why – jannes braet Jun 08 '12 at 11:12
  • `$qry = "INSERT INTO users(username, password,email) VALUES('$username','$password','$email')"; $result = @mysql_query($qry);` – jannes braet Jun 08 '12 at 11:13

1 Answer

    if ($userid%2==0) {
        $pass=substr($row[2],0,strlen($row[2])-1);
    } else {
        $pass=$row[2];
    }

This statement is useless and it is what is breaking your code. If the userid is an even number, then it is cutting off the last character from the $row[2] string.

To fix it, you could just remove the if statement and have

    $pass = $row[2];

Also as a side note, as someone had commented, you should look into using prepared statements to prevent SQL injections. Or at the very least sanitize the $_GET variables you use before putting them into your queries.

Supericy
  • Um, that's what my whole post is about. If I remove this code then it adds a dot to the password in case it is even. – jannes braet Jun 08 '12 at 11:11
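A safer shape for the activation flow the question and answer discuss, added here as an example (not the asker's or answerer's code): a random token that is independent of the password hash, stored only as a hash with an expiry, percent-encoded into the link, and checked with prepared statements and a constant-time comparison. It assumes PHP 7+, a PDO connection in `$pdo`, and `activated`, `activation_hash` and `activation_expires` columns on the `users` table (all assumed names).

```php
<?php
// Added example, not the asker's or answerer's code. Assumes PHP 7+, a PDO
// connection in $pdo, and a `users` table with the columns id, activated,
// activation_hash and activation_expires (all hypothetical names).

// Registration side: issue a random token that has nothing to do with the
// password hash, store only its hash plus an expiry, and percent-encode it.
function issueActivationLink(PDO $pdo, int $userId, string $baseUrl): string
{
    $token = bin2hex(random_bytes(32));      // 64 hex chars, safe in a URL
    $stmt  = $pdo->prepare(
        'UPDATE users SET activation_hash = :h, activation_expires = :e WHERE id = :id'
    );
    $stmt->execute([
        ':h'  => hash('sha256', $token),     // a DB leak does not reveal tokens
        ':e'  => date('Y-m-d H:i:s', time() + 86400),  // valid for 24 hours
        ':id' => $userId,
    ]);
    // http_build_query encodes every value, so no '.', '/' or '=' in the
    // query string can be mangled by a mail client or the URL parser.
    return $baseUrl . '/confirm.php?'
        . http_build_query(['userid' => $userId, 'code' => $token]);
}

// confirm.php side: validate input, parameterised lookup, constant-time
// comparison, expiry check, and the token is cleared after one use.
function activateAccount(PDO $pdo, string $userIdParam, string $codeParam): bool
{
    if (!ctype_digit($userIdParam) || strlen($codeParam) !== 64 || !ctype_xdigit($codeParam)) {
        return false;                        // malformed input, reject early
    }
    $stmt = $pdo->prepare(
        'SELECT activated, activation_hash, activation_expires FROM users WHERE id = :id'
    );
    $stmt->execute([':id' => (int) $userIdParam]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['activated'] === 1 || $row['activation_hash'] === null) {
        return false;                        // unknown user or already active
    }
    if (strtotime($row['activation_expires']) < time()) {
        return false;                        // link expired
    }
    if (!hash_equals($row['activation_hash'], hash('sha256', $codeParam))) {
        return false;                        // wrong token, no timing leak
    }
    $stmt = $pdo->prepare('UPDATE users SET activated = 1, activation_hash = NULL WHERE id = :id');
    return $stmt->execute([':id' => (int) $userIdParam]) && $stmt->rowCount() === 1;
}
```

Because the token is generated with `random_bytes` and never derived from the password, the activation link leaks nothing about the stored hash, and the hex encoding avoids the `.` and `/` characters that crypt output can end with.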