[FX.php List] * and login
Gjermund Gusland Thorsen
ggt667 at gmail.com
Tue Oct 31 06:35:06 MST 2006
What is then the value of foundCount?
ggt667
On 10/31/06, Alex Gates <alex at gandrpublishing.com> wrote:
> Hi everyone-
>
> I've realized that my login can easily be compromised! Thankfully I
> figured this out early in the development process.
>
> If I enter * for username and * for password, it logs me in as the
> latest registered user.
>
> This is my search syntax:
>
> $lookup=new FX($serverIP,$webCompanionPort,'FMPro7');
> $lookup->SetDBData('Web_Cookbook_Dev.fp7','WebLogin');
> $lookup->SetDBPassword('xxxxxx','xxxxxxxx');
> $lookup->AddDBParam('Username', $username, 'eq');
> $lookup->AddDBParam('Password', $password, 'eq');
> $lookupResult=$lookup->FMFind();
> $foundResult=$lookupResult['foundCount'];
>
>
> I'm sorry if this has been covered - I searched the archives but I
> didn't find anything.
>
> Is there a way I can modify this search syntax so * can't be used for
> username and password to log in?
>
> Wow - I never realized this was a possibility... I just randomly tried
> it this morning and was shocked at the result...
>
> Thanks in advance!
>
> Alex
>
>
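One way to close the hole described in the quoted message, as an added example that is not part of the original thread or of FX.php: reject find operators in the submitted values, then require exactly one found record whose stored values equal the typed ones. The function names, the operator list and the `data` layout of the result (record key, then field name, then an array of values) are assumptions, and the results below are constructed arrays so the block runs without a server.

```php
<?php
// Added example; function names and the result layout are assumptions.

// Characters FileMaker treats as operators inside a find criterion.
const FIND_OPERATORS = '*@#?!=<>~"\\';

// True only for a non-empty value with no find operator in it.
function isSafeCriterion(string $value): bool
{
    return $value !== ''
        && strpbrk($value, FIND_OPERATORS) === false
        && strpos($value, '//') === false    // today's date
        && strpos($value, '...') === false;  // range
}

// Accept a find result only if it is one record whose stored values equal
// the typed ones exactly (a FileMaker find is normally case-insensitive).
function loginMatches(array $result, string $username, string $password): bool
{
    if ((int) ($result['foundCount'] ?? 0) !== 1) {
        return false;   // zero hits, or a pattern that matched several users
    }
    $records = $result['data'] ?? [];
    $record  = reset($records);
    $storedUser = (string) ($record['Username'][0] ?? '');
    $storedPass = (string) ($record['Password'][0] ?? '');
    return hash_equals($storedUser, $username)
        && hash_equals($storedPass, $password);
}

// Constructed results in the shape FMFind() is assumed to return.
$bob   = ['Username' => ['bob'],   'Password' => ['hunter2']];
$alice = ['Username' => ['alice'], 'Password' => ['s3cret']];
$many  = ['foundCount' => 2, 'data' => ['1.0' => $alice, '2.0' => $bob]];
$one   = ['foundCount' => 1, 'data' => ['2.0' => $bob]];

$cases = [
    'input from the quoted message'    => isSafeCriterion('*'),
    'ordinary username'                => isSafeCriterion('bob'),
    'wildcard find, several records'   => loginMatches($many, '*', '*'),
    'wildcard find, one-record table'  => loginMatches($one, '*', '*'),
    'find matched with different case' => loginMatches($one, 'BOB', 'hunter2'),
    'exact credentials'                => loginMatches($one, 'bob', 'hunter2'),
];
foreach ($cases as $label => $ok) {
    printf("%-34s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

In the quoted code, `isSafeCriterion()` would run on `$username` and `$password` before the `AddDBParam` calls, and `loginMatches()` on `$lookupResult` after `FMFind()`.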