Revived Vulnerable PHP User Registration
Description
This outdated PHP script handles user registration. It demonstrates several vulnerabilities common in early web applications.
Code Snippet
<?php
require 'password.php'; // Assuming password library is included
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$password = filter_input(INPUT_POST, 'password', FILTER_SANITIZE_STRING);
if (empty($username) || empty($password)) {
die('Username and password are required.');
}
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
try {
$pdo = new PDO('mysql:host=localhost;dbname=mydatabase', 'dbuser', 'dbpass');
$stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->execute([$username, $hashedPassword]);
echo "New record created successfully";
} catch (PDOException $e) {
die("Error: " . $e->getMessage());
}
?>