
Password Encryption and SQL Injection Vulnerability in config.php

Open Vignesh-Jothi opened this issue 1 year ago • 0 comments

  1. Password Encryption: The code uses the outdated md5 function for password encryption, which is considered weak. It's recommended to use password_hash and password_verify for more secure password handling.

  2. SQL Injection: The code is susceptible to SQL injection attacks as it directly interpolates user inputs into SQL queries. Using prepared statements helps prevent SQL injection by separating data from the query.

Fix Details:

  1. Password Encryption:

    • Issue: Using md5 for password hashing is insecure.
    • Fix:
      // Change this line
      $password = md5($password_1);
      
      // To
      $hashed_password = password_hash($password_1, PASSWORD_DEFAULT);
      
  2. SQL Injection:

    • Issue: Lack of prepared statements in the user check query.
    • Fix:
      // Change this block
      $user_check_query = "SELECT * FROM register WHERE Name='$username' OR email='$email' LIMIT 1";
      $result = mysqli_query($db, $user_check_query);
      
      // To
      $user_check_query = $db->prepare("SELECT * FROM register WHERE Name=? OR email=? LIMIT 1");
      $user_check_query->bind_param('ss', $username, $email);
      $user_check_query->execute();
      $result = $user_check_query->get_result();
      

Additional Recommendations:

  1. Error Handling:

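    • Add error handling for database queries to provide meaningful error messages.
    $result = $user_check_query->get_result();
    if (!$result) {
        // Log the driver error server-side; do not echo database details to the client
        error_log('Error executing query: ' . $user_check_query->error);
        die('Error executing query.');
    }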
    
  2. Session Start Check:

    • Check if the session is already started before calling session_start() to avoid potential issues.
    if (session_status() == PHP_SESSION_NONE) {
        session_start();
    }
    
  3. Logging Out:

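    • If you have logout functionality, include a secure way to destroy the session.
    if (isset($_GET['logout'])) {
        // Clear all session data first, then destroy the session itself
        $_SESSION = [];
        session_destroy();
        header("Location: index.php");
        exit; // stop running the rest of the page after the redirect
    }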
    

Vignesh-Jothi, Dec 02 '23 13:12
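The issue shows the registration side of the md5 to password_hash change; the following added example (not from the issue or the project) sketches the matching login check, which verifies with password_verify and upgrades existing md5 rows on a successful login so current accounts keep working. The `password` column name and width, the helper names `check_stored_hash` and `verify_login`, and mysqli running in exception mode are assumptions.

```php
<?php
// Added example, not the project's code. Assumptions: a `password` column on
// `register` wide enough for password_hash() output (VARCHAR(255)), and mysqli
// in exception mode (the default since PHP 8.1).

/** Check $password against a stored hash; returns [ok, replacementHashOrNull]. */
function check_stored_hash(string $stored, string $password): array
{
    // Legacy rows hold a bare 32-char hex md5 digest; password_hash() output starts with '$'.
    $legacy = preg_match('/^[0-9a-f]{32}$/i', $stored) === 1;
    $ok = $legacy
        ? hash_equals(strtolower($stored), md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return [false, null];
    }
    $upgrade = $legacy || password_needs_rehash($stored, PASSWORD_DEFAULT);
    return [true, $upgrade ? password_hash($password, PASSWORD_DEFAULT) : null];
}

/** Look the user up with a prepared statement, verify, and persist any upgraded hash. */
function verify_login(mysqli $db, string $email, string $password): ?array
{
    $stmt = $db->prepare('SELECT Name, email, password FROM register WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();
    if (!$user) {
        return null;
    }
    [$ok, $newHash] = check_stored_hash($user['password'], $password);
    if (!$ok) {
        return null;
    }
    if ($newHash !== null) {
        $upd = $db->prepare('UPDATE register SET password = ? WHERE email = ?');
        $upd->bind_param('ss', $newHash, $email);
        $upd->execute();
    }
    unset($user['password']); // never hand the hash back to calling code
    return $user;
}

// Constructed sample: a legacy md5 row verifies once and yields a replacement hash.
[$ok, $new] = check_stored_hash(md5('correct horse'), 'correct horse');
var_dump($ok, password_verify('correct horse', $new));
[$bad] = check_stored_hash($new, 'wrong guess');
var_dump($bad);
```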