I have made a basic login form for an experiment and tried to log in using cURL. I am working with PHP. I have ensured that nobody can enter the main index.php page without logging in (authentication). But when I tried to get access with cURL, I got it. I think there must be a problem in my login and session handling code. I have tried my best but did not find a solution. Please help me solve this problem.
Thanks in advance.
1. This is the session handling code, which resides in session.php
    <?php
    class session{
        public static function init(){
            session_start();
        }
        public static function set($key,$value){
            $_SESSION[$key] = $value;
        }
        public static function get($key){
            if (isset($_SESSION[$key])) {
                return $_SESSION[$key];
            }
            else{
                return false;
            }
        }
        public static function cheaksession(){
            self::init();
            if(self::get("login") == false){
                self::destroy();
                header("Location: login.php");
            }
        }
        public static function destroy(){
            session_destroy();
        }
    }
    ?>
2. This is the login form code, which resides in login.php
    <?php
    include "lib/session.php";
    session::init();
    ?>
    <?php include "lib/Database.php"; ?>
    <?php include "helpers/format.php"; ?>
    <?php
    $db = new Database();
    $fm = new format();
    ?>
    <?php
    $err = 0;
    if ($_SERVER['REQUEST_METHOD'] == 'POST' ) {
        $username = $fm->validation($_POST['username']);
        $password = $fm->validation($_POST['password']);
        $username = mysqli_real_escape_string($db->link,$username);
        $password = mysqli_real_escape_string($db->link,$password);
        if($username == 'fahad' && $password == '1234') {
            session::set("login",true);
            session::set("username",$username);
            session::set("userId",1);
            header("Location: index.php");
        }
        else{
            $err = 1;
        }
    }
    ?>
3. This is the home page code for session checking, which resides in index.php
    <?php
    include "lib/session.php";
    session::cheaksession();
    ?>
4. Here is the cURL code of attack
    <?php
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'http://localhost/Hackalgo/DummySite/index.php');
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_exec($ch);
    curl_close($ch);
    ?>
By executing this script I am crawling the HTML page of index.php mentioned just above in (3). But in index.php (3) there is a session checker method which should compel me to go to the login page login.php mentioned in (2). But it is not working, and index.php (3) is crawled without any authentication on the login page (2).
Call exit() or so after sending the Location header.
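
The fix from the answer above, written out as an added example that is not part of the original question or answer: `header()` only queues a response header, so without `exit` the rest of index.php still runs and its output travels in the body of the redirect, which a client that does not follow redirects (cURL by default) simply prints. The renamed `Session::checkSession`, the helper `redirectLeaksBody` and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example, not the asker's code: hardened session gate for lib/session.php.
class Session
{
    public static function init(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
    }

    public static function get(string $key)
    {
        return $_SESSION[$key] ?? false;
    }

    public static function checkSession(string $loginUrl = 'login.php'): void
    {
        self::init();
        if (self::get('login') !== true) {
            $_SESSION = [];
            session_destroy();
            header('Location: ' . $loginUrl, true, 302);
            exit; // stop here: otherwise the rest of index.php runs and is sent as the 302 body
        }
    }
}

// Hypothetical helper: true when the response to an unauthenticated request is a
// redirect that still carries page content (assumes the gate sends an empty body).
function redirectLeaksBody(int $status, string $body): bool
{
    return $status >= 300 && $status < 400 && trim($body) !== '';
}

// Constructed sample responses (status, body), not captured from a real server.
$samples = [
    'gate without exit' => [302, '<html><body>protected page content</body></html>'],
    'gate with exit'    => [302, ''],
];
foreach ($samples as $label => [$status, $body]) {
    printf("%-18s leaks=%s\n", $label, redirectLeaksBody($status, $body) ? 'yes' : 'no');
}
```

The same status and body check can be run against the real page by requesting it without a session cookie and without following redirects.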