Xisto Corporation
Ojkatii

Is This A Good Script? A login script

Okay, I am trying to password one page of my website. I need confirmation if this is a safe code or not. The whole code is on the page I'm protecting.

<?php include('header.php') ?>
<?php
// Define your username and password
$username = "THE_USERNAME";
$password = "THE_PASSWORD";
// Read the form fields only if they were submitted, so the first (GET) visit
// does not raise undefined-index notices
$postedUsername = isset($_POST['txtUsername']) ? $_POST['txtUsername'] : '';
$postedPassword = isset($_POST['txtPassword']) ? $_POST['txtPassword'] : '';
// Show the form until both values match; otherwise show the protected content
if ($postedUsername != $username || $postedPassword != $password) {
?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div align="center"><center>
<table border="0" cellpadding="5" cellspacing="0">
<tr>
<td><label for="txtUsername">Username</label></td>
<td><input type="text" id="txtUsername" title="Enter your Username" name="txtUsername" /></td>
</tr>
<tr>
<td><label for="txtPassword">Password</label></td>
<td><input type="password" id="txtPassword" title="Enter your password" name="txtPassword" /></td>
</tr>
</table>
</center></div>
<p align="center"><input type="submit" name="Submit" value="Login" /></p>
</form>
<?php
} else {
?>
The stuff being protected here....
<?php } ?>
<?php include('footer.php') ?>

Is this a safe script, or could someone possibly discover the username and password?


It seems good to me; I have a comment though. I think you should check the username and password input doesn't contain malicious code; you could use strip_tags or make your own cleaning script. It's not a massive concern as there's no database involved, but I think it would be possible for an adept coder to inject code by entering it in the username/password box on the form. Other than this it seems fine to me. I'm not saying it's 100% safe, nothing really is, but I would feel happy about using it on my site.


Instead of using an assignment for the user name and password, check out the Define function. http://ca3.php.net/manual/en/function.define.php
It adds a little bit to the security because "defined" values cannot be modified by the script, so it would eliminate one possible security risk.

Also, the first rule of using data from Forms is "NEVER TRUST USER INPUT". Always check the data to be certain it is not harmful.


Use the strtolower() function to make your login script NOT case sensitive. Case-sensitive login systems are safer but could be annoying for the visitor.

if (strtolower($_POST['txtUsername']) != strtolower($username) || strtolower($_POST['txtPassword']) != strtolower($password)) {


It should be 100% safe, because if the script is server-side the server makes it HTML and sends it to the browser; when we open "view source" it shows the page content. But the problem comes when linking: the hacker right-clicks and chooses "save target as". To solve the problem, the page which contains the link should be in any server-side language, or Flash, or Java.

Edited because: no grammar

Edited by mahirharoon


Well, I can't say it's easy to hack and that anyone can break the code. Try to include the login part from another file; that way it will be more secure. You can also add another layer of security: a DB, the form confirms the user on the DB, and the connection is made from another PHP file, and voilà, a headache for hackers =)


Yes, but you should add a "logged" = 12343 to it so it knows if the user is online. Then you can use it in other scripts: if get session "logged" = 12343, he/she gets access to things. Sorry for my English and PHP, I was in a bit of a hurry.

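A hardened version of the posted script, written as an added example (not the original poster's code, nor any reply's) that combines the suggestions in the replies above while keeping the check case-sensitive, since lowercasing a password before comparing it only shrinks the space a guesser has to cover: the username becomes a define() constant, the password is stored as a bcrypt hash checked with password_verify(), the comparisons are constant-time, PHP_SELF is escaped before being echoed, and a session flag records the login so other pages can check it. It assumes PHP 5.6 or later, header.php and footer.php as in the original, and that the placeholder hash constant is replaced with one generated by password_hash().

```php
<?php
// Added example, not the original poster's code: the same one-page login,
// hardened. Assumes PHP 5.6+ (hash_equals, password_verify) and that
// header.php / footer.php exist as in the original.
session_start(); // must run before any output, so before header.php

// Constants cannot be reassigned later in the script. The password is kept
// only as a bcrypt hash: generate it once with
//   php -r "echo password_hash('THE_PASSWORD', PASSWORD_DEFAULT), PHP_EOL;"
// and paste the result here (the value below is a constructed placeholder).
define('LOGIN_USERNAME', 'THE_USERNAME');
define('LOGIN_PASSWORD_HASH', '$2y$10$REPLACE_WITH_OUTPUT_OF_password_hash');
function login_attempt_valid(array $post)
{
    // Accept only strings: a field submitted as txtUsername[] arrives as an
    // array, which would otherwise raise a notice or a TypeError below.
    $user = isset($post['txtUsername']) && is_string($post['txtUsername']) ? $post['txtUsername'] : '';
    $pass = isset($post['txtPassword']) && is_string($post['txtPassword']) ? $post['txtPassword'] : '';
    // Both comparisons are constant-time and both always run, so the response
    // time does not reveal whether the username alone was right.
    $userOk = hash_equals(LOGIN_USERNAME, $user);
    $passOk = password_verify($pass, LOGIN_PASSWORD_HASH);
    return $userOk && $passOk;
}
if (isset($_POST['Submit']) && login_attempt_valid($_POST)) {
    session_regenerate_id(true);   // fresh session id once privileges change
    $_SESSION['logged_in'] = true; // other pages check this flag, as the last reply suggests
}

include 'header.php';
if (empty($_SESSION['logged_in'])) {
    // The posted script never echoes the submitted credentials; the one value
    // it echoes is PHP_SELF, which is escaped here so a crafted URL cannot
    // inject markup into the form tag.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
<h1>Login</h1>
<form method="post" action="<?php echo $action; ?>">
  <label for="txtUsername">Username</label>
  <input type="text" id="txtUsername" name="txtUsername" />
  <label for="txtPassword">Password</label>
  <input type="password" id="txtPassword" name="txtPassword" />
  <input type="submit" name="Submit" value="Login" />
</form>
<?php
} else {
    echo 'The stuff being protected here....';
}
include 'footer.php';
```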
