Jump to content
xisto Community
Sign in to follow this  
Ojkatii

Is This A Good Script? A login script

Recommended Posts

Okay, I am trying to password one page of my website. I need confirmation if this is a safe code or not. The whole code is on the page I'm protecting.

<?php include('header.php') ?><?php// Define your username and password$username = "THE_USERNAME";$password = "THE_PASSWORD";if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {?><h1>Login</h1><form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"><div align="center"><center><table border="0" cellpadding="5" cellspacing="0"><tr><td><label for="txtUsername">Username</label></td><td><input type="text" title="Enter your Username" name="txtUsername" /></td></tr><tr><td><label for="txtpassword">Password</label></td><td><input type="password" title="Enter your password" name="txtPassword" /></td></tr></table></center></div><p align="center"><input type="submit" name="Submit" value="Login" /></p></form><?php}else {?>The stuff being protected here....<?php } ?><?php include('footer.php') ?>

Is this a safe script, or could someone possibly discover the username and password?

Share this post


Link to post
Share on other sites

It seems good to me, i have a comment though, I think you should check the username and password input doesnt contain malicious code, you could use strip_tags or make your own cleaning script, its not a massive concern as theres no database involved but i think it would be possible for an adept coder to inject code by entering it in the username/password box on the form. Other than this it seems fine to me, im not saying its 1OO% safe, nothing really is but i would feel happy about using it on my site.

Share this post


Link to post
Share on other sites

Instead of using an assignment for the user name and password, check out the Define function. http://ca3.php.net/manual/en/function.define.php
It adds a little bit to the security because "defined" values can not be modified by the script, so it would eliminate one possible security risk.

Also, the first rule of using data from Forms is "NEVER TRUST USER INPUT". Always check the data to be certain it is not harmful.

Share this post


Link to post
Share on other sites

I would say that this is not a secure script. any body can easily hack into this script by linkin this with other script on some other terminal.He can easily modify the variables as they are defined globally. So, I won't recommend it.

Share this post


Link to post
Share on other sites

Use strtolower() function to make your login script NOT case sensitive. Case sensitive login system are safer but could be annoying for the visitor.if (strtolower($_POST['txtUsername'])!= strtolower($username) || strtolower($_POST['txtPassword']) != strtolower($password)) {

Share this post


Link to post
Share on other sites

it should be 100% safe because if the script is server side the server makes it html and sends to browser when we open view source it shows the page content but the problem comes when linking the hackers right clicks and choose save target as , to solve the problem the page which contains link should be any server side language or flash or javaEDITED BECAUSE:no grammar

Edited by mahirharoon (see edit history)

Share this post


Link to post
Share on other sites

well, i can't say it's easy to hack and that anyone can break the code. Try to include the login part from other file. that way will be more secure. You can also add another security. A db, the form confirms the user on the db, and the conection is made from another php and voil?, an headache to hackers =)

Share this post


Link to post
Share on other sites

yes but you should ad a "logged" = 12343 to it so it knows if the user is onlinethen you can use in other scripts :if get session "logged"=12343he/her get access to thingssorry for my english, and php, i had a bit hurry

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.