A secure user login example

Hi Everyone,
Do you have a place where I can find an example for a PHP system that
uses secure user login (e.g. web based mail application etc)?
Thanks

Dec 19 '06 #1
Rik
2g*****@gmail.com wrote:
Hi Everyone,
Do you have a place where I can find an example for a PHP system that
uses secure user login (e.g. web based mail application etc)?
Tons around. This is a nice one, although it's got its shortcomings, and
you'll have to imagine the HTTPS with it:
http://www.evolt.org/PHP-Login-Syste...Admin-Features
--
Rik Wasmus
Dec 19 '06 #2
I learned a lot by playing with this one:
http://www.phpfreaks.com/tutorials/65/0.php

Dec 19 '06 #3
Rik
PseudoMega wrote:
I learned a lot by playing with this one:
http://www.phpfreaks.com/tutorials/65/0.php

....
$username = $_POST['username'];
....
$username = stripslashes($username);
....
$sql_username_check = mysql_query("SELECT username FROM users WHERE
username='$username'");
....
$username_check = mysql_num_rows($sql_username_check);
(pffff, ok, I know what to put there.... something along the lines of
$username="a' OR 1 = 1 LIMIT 1")
....
$username_check = mysql_num_rows($sql_username_check);
....
if(($email_check > 0) || ($username_check > 0)){...}
(shouldn't that be a == 1?)
....
$sql = mysql_query("INSERT INTO users (first_name, last_name,
email_address, username, password, info, signup_date, decrypted_password)
VALUES('$first_name', '$last_name', '$email_address', '$username',
'$db_password', '$info2', now(), '$random_password')") or die
(mysql_error());

Uhoh, there goes the database.... I can update another username with my own
custom password without trouble....
The whole tutorial is filled with it. I hope he says something in the end
about escaping (not stripslashes....), or this is a highly unsecure login
indeed. I'm not going to read it all though. At least jpmaster was using
addslashes... A nice, yet cumbersome illustration of how one can use
member areas, which is a nice idea. A terrifying lack of safety though.
--
Rik Wasmus
Dec 19 '06 #4
There are some glaring security issues throughout the tutorial. I
wasn't saying that one should follow the tutorial exactly, only that I
learned from playing around with it.

Dec 19 '06 #5
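
The registration check and insert quoted in post #4, redone with bound parameters and hashed passwords. This is an added example, not part of the thread or the tutorial; it assumes PHP 7+ with the pdo_sqlite extension, and the table layout, function names and sample account are constructed for illustration.

```php
<?php
// Added example. Table layout and sample account are constructed for the demo.
// Uses PDO with in-memory SQLite so it runs offline; the tutorial used mysql_*.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// The tutorial's pattern, shown only as the SQL text it produces (never executed here).
function tutorialStyleSql(string $username): string {
    return "SELECT username FROM users WHERE username='$username'";
}

function usernameTaken(PDO $pdo, string $username): bool {
    // The placeholder sends the value separately from the statement text.
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() > 0;
}

function register(PDO $pdo, string $username, string $password): bool {
    if (usernameTaken($pdo, $username)) {
        return false;
    }
    // Store a salted hash only; there is no plaintext column like decrypted_password.
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$input = "a' OR 1 = 1 LIMIT 1"; // the string from post #4

register($pdo, 'alice', 'correct horse');        // constructed account
echo tutorialStyleSql($input), "\n";              // the input ends up inside the WHERE clause
var_dump(usernameTaken($pdo, $input));            // same input, compared as a literal name
var_dump(login($pdo, $input, 'anything'));        // no such user, so no hash to verify
var_dump(register($pdo, 'alice', 'other'));       // duplicate name is refused
var_dump(login($pdo, 'alice', 'correct horse'));  // the stored hash verifies
```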
