Go4Expert


Xora 24Oct2008 09:01

Secure Login System Help
 
Ok, so here is the deal. I'm trying to make a login system that is more secure (and make it better in general), but I am having a bit of trouble. I realize some of my problems but I cannot think of another way to fix them. So here is my code.

My SQL command:
Code:

CREATE TABLE users (
id INT(55) NOT NULL AUTO_INCREMENT,
username VARCHAR(255) NOT NULL,
password VARCHAR(255) NOT NULL,
name VARCHAR(144) NOT NULL,
PRIMARY KEY ( id ) );

conf.php
PHP Code:

<?php
// Database connection settings
$sqlhost = "<!--Your mysql host-->";
$sqluser = "<!--Your mysql username-->";
$sqlpass = "<!--Your mysql password-->";
$sqldb = "<!--The DB you just made-->";

$con = mysql_connect( $sqlhost, $sqluser, $sqlpass ) or die( "Error connecting to sql server: ".mysql_error() );
$db = mysql_select_db( $sqldb, $con ) or die( "Error selecting db: ".mysql_error() );

?>

register.php
PHP Code:

<html> 
 <head> 
  <title>Registration</title> 
 </head> 
  
 <body> 
  <?php if( isset( $_GET['bad'] ) && $_GET['bad'] == '1' ) { ?> 
<p class="bad">The username you entered is unavailable. <br />Please try again.</p> 
<?php } ?> 
  <form action="registration.php" method="post"> 
   <table width="300" > 
    <tr><td colspan="2">Please Register.</td></tr> 
    <tr><td>Username:</td><td><input type="text" name="user" /></td></tr> 
    <tr><td>Password:</td><td><input type="password" name="password" /></td></tr> 
    <tr><td>Real Name:</td><td><input type="text" name="name" /></td></tr> 
    <tr><td colspan="2"><input type="submit" name="register" value="Register" /></td></tr> 
   </table> 
  </form> 
 </body> 
</html>

registration.php
PHP Code:

<?php
require( "conf.php" );

if( isset( $_POST['register'] ) )
{
 $user = stripslashes( $_POST['user'] );
 // Salt and hash the password exactly as login.php does
 $password = md5( "j!2B".$_POST['password']."^nmH" );
 $name = stripslashes( $_POST['name'] );

 // Check whether the username is already taken
 $rcheck = mysql_query( "SELECT id FROM users WHERE username = '$user' " ) or die("Error validating username: ".mysql_error());
 if( mysql_num_rows( $rcheck ) == 0 )
 {
  $reg = mysql_query( "INSERT INTO users VALUES( '', '$user', '$password', '$name' ) " ) or die( "Error registering: ".mysql_error() );
  header( "Location: index.php" );
  exit;
 }
 else
 {
  header( "Location: register.php?bad=1" );
  exit;
 }
}
?>

index.php
PHP Code:

<html> 
 <head> 
  <title>Please Login</title> 
 </head> 
  
 <body> 
<?php if( isset( $_GET['bad'] ) && $_GET['bad'] == '1' ) { ?> 
<p class="bad">The username or password you entered was incorrect. <br />Please try again.</p> 
<?php } ?> 
<?php if( isset( $_GET['bad'] ) && $_GET['bad'] == '2' ) { ?> 
<p class="bad">You must be logged in to go there.</p> 
<?php } ?> 
  <form action="login.php" method="post"> 
   <table> 
    <tr><td>Please Login</td></tr> 
    <tr><td>Username:</td><td><input type="text" name="user" /></td></tr> 
    <tr><td>Password:</td><td><input type="password" name="password" /></td></tr> 
   <tr><td colspan="2"><a href="register.php">Registration</a></td></tr> 
   <tr><td colspan="2"><input type="submit" name="login" value="Login" /></td></tr> 
   </table> 
  </form> 
 </body> 
</html>

login.php
PHP Code:

<?php
require( 'conf.php' );

if( isset( $_POST['login'] ) )
{
 $user = stripslashes( $_POST['user'] );
 $password = stripslashes( md5( "j!2B".$_POST['password']."^nmH" ) );

 // Look up the user by username and salted password hash
 $check = mysql_query( "SELECT id FROM users WHERE username = '$user' AND password = '$password'" ) or die( "Error validating user info: ".mysql_error() );

 $count = mysql_num_rows( $check );
 if( $count == "1" )
 {
  session_start();
  // Store the matching row's id, not the whole result row
  $row = mysql_fetch_array( $check );
  $_SESSION['id'] = $row['id'];
  $_SESSION['username'] = $user;
  header( "Location: welcome.php" );
  exit;
 }
 else
 {
  header( "Location: index.php?bad=1" );
  exit;
 }
}
?>

welcome.php
PHP Code:

<?php
session_start();
// Send visitors without a session back to the login form
if( empty( $_SESSION['id'] ) )
{
 header( "Location: index.php?bad=2" );
}
else
{
?> 
<html> 
 <head> 
  <title>Welcome User</title> 
 </head> 
  
 <body> 
  <h1>Welcome User</h1> 
  <a href="logout.php">Logout</a> 
 </body> 
</html> 
<?php } ?>

And the little script added to each page to check if they log in
PHP Code:

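<?php
session_start();
// Send visitors without a session back to the login form
if( empty( $_SESSION['id'] ) )
{
 header( "Location: index.php?bad=2" );
}
else
{
// The page content follows; close this block with "}" at the end of the page
?>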


pete_bisby 19Nov2008 01:23

Re: Secure Login System Help
 
Firstly, you are allowing anyone to register an account - if that is the case, why have a user account at all? Account verification should be a two-stage process, if true secure account creation and login is required.

Secondly, you are hard-coding variables into your SQL code - this is the easiest way to allow hackers to use SQL injection .... huge no-no !!!

If you want a secure login, use SSL and spend some cash on a secure certificate (Verisign or Thawte are the two largest companies) - all transactions will then be encrypted.

Then use stored procedures at the database level - you pass into the stored procedure the parameters you need (in this case the username and password). And make sure the encryption of the password is done at the database level, within the stored procedure - both for creating the user account and for verifying the user details.
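
The reply's point about variables hard-coded into the SQL text, shown as an added example that is not part of the thread: the same register and login steps with bound parameters, so a username containing a quote character is stored and matched as data. It uses PDO prepared statements rather than the stored procedures the reply suggests, `password_hash()` in place of the fixed-salt MD5, and an in-memory SQLite database as an assumed stand-in for the MySQL server; `register_user` and `check_login` are hypothetical names.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the MySQL server (assumption) so the script runs offline.
$pdo = new PDO( 'sqlite::memory:' );
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->exec( 'CREATE TABLE users (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(255) NOT NULL UNIQUE,
    password VARCHAR(255) NOT NULL,
    name VARCHAR(144) NOT NULL )' );

// Hypothetical helper: returns true on success, false if the username is taken.
function register_user( PDO $pdo, $user, $password, $name )
{
    $stmt = $pdo->prepare( 'INSERT INTO users ( username, password, name ) VALUES ( ?, ?, ? )' );
    try {
        // password_hash() generates a random per-user salt and stores it in the hash string.
        $stmt->execute( array( $user, password_hash( $password, PASSWORD_DEFAULT ), $name ) );
        return true;
    } catch ( PDOException $e ) {
        if ( $e->getCode() == '23000' ) {   // SQLSTATE class for a UNIQUE violation
            return false;
        }
        throw $e;                           // anything else is a real error
    }
}

// Hypothetical helper: returns the user's id on success, null on any failure.
function check_login( PDO $pdo, $user, $password )
{
    // The query text is fixed; $user is sent separately as a bound value.
    $stmt = $pdo->prepare( 'SELECT id, password FROM users WHERE username = ?' );
    $stmt->execute( array( $user ) );
    $row = $stmt->fetch( PDO::FETCH_ASSOC );
    if ( $row !== false && password_verify( $password, $row['password'] ) ) {
        return (int) $row['id'];
    }
    return null;
}

// Constructed sample input: a username and real name that contain a quote.
var_dump( register_user( $pdo, "o'brien", 'correct horse', "Pat O'Brien" ) );
var_dump( register_user( $pdo, "o'brien", 'second try', 'Duplicate' ) );
var_dump( check_login( $pdo, "o'brien", 'correct horse' ) );
var_dump( check_login( $pdo, "o'brien", 'wrong password' ) );
```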


All times are GMT +5.5.