A secure user login example

Hi Everyone,
Do you have a place where I can find an example for a PHP system that
uses secure user login (e.g. web based mail application etc)?
Thanks

Dec 19 '06 #1
Rik
2g*****@gmail.com wrote:
Hi Everyone,
Do you have a place where I can find an example for a PHP system that
uses secure user login (e.g. web based mail application etc)?
Tons around. This is a nice one, although it's got its shortcomings, and
you'll have to imagine the HTTPS with it:
http://www.evolt.org/PHP-Login-Syste...Admin-Features
--
Rik Wasmus
Dec 19 '06 #2
I learned a lot by playing with this one:
http://www.phpfreaks.com/tutorials/65/0.php

Dec 19 '06 #3
Rik
PseudoMega wrote:
I learned a lot by playing with this one:
http://www.phpfreaks.com/tutorials/65/0.php

....
$username = $_POST['username'];
....
$username = stripslashes($username);
....
$sql_username_check = mysql_query("SELECT username FROM users WHERE
username='$username'");
....
$username_check = mysql_num_rows($sql_username_check);
(pffff, ok, I know what to put there.... something along the lines of
$username="a' OR 1 = 1 LIMIT 1")
....
$username_check = mysql_num_rows($sql_username_check);
....
if(($email_check > 0) || ($username_check > 0)){...}
(shouldn't that be a == 1?)
....
$sql = mysql_query("INSERT INTO users (first_name, last_name,
email_address, username, password, info, signup_date, decrypted_password)
VALUES('$first_name', '$last_name', '$email_address', '$username',
'$db_password', '$info2', now(), '$random_password')") or die
(mysql_error());

Uhoh, there goes the database.... I can update another username with my own
custom password without trouble....
The whole tutorial is filled with it. I hope he says something in the end
about escaping (not stripslashes....), or this is a highly unsecure login
indeed. I'm not going to read it all though. At least jpmaster was using
addslashes... A nice, yet cumbersome illustration of how one can use
member areas, which is a nice idea. A terrifying lack of safety though.
--
Rik Wasmus
Dec 19 '06 #4
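
The queries quoted in post #4 interpolate $_POST values directly into the SQL text, and the mysql_* functions they rely on were removed in PHP 7. As an added example (not part of the thread or of either tutorial), here are the same registration check and insert written with PDO prepared statements and password_hash(); the in-memory SQLite database, table layout, function names and sample inputs are assumptions chosen so the script runs stand-alone.

```php
<?php
// Added example: constructed schema and sample inputs, in-memory SQLite so it runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    email_address TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

function register(PDO $pdo, string $username, string $email, string $password): bool
{
    // Placeholders keep user input out of the SQL text, so a quote in it stays data.
    $check = $pdo->prepare(
        'SELECT COUNT(*) FROM users WHERE username = :u OR email_address = :e'
    );
    $check->execute([':u' => $username, ':e' => $email]);
    if ((int) $check->fetchColumn() > 0) {
        return false; // username or address already registered
    }
    // Store only a salted hash; there is no decrypted_password column.
    $insert = $pdo->prepare(
        'INSERT INTO users (username, email_address, password_hash) VALUES (:u, :e, :h)'
    );
    return $insert->execute([
        ':u' => $username,
        ':e' => $email,
        ':h' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn(); // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

var_dump(register($pdo, 'alice', 'alice@example.test', 'correct horse')); // new account
var_dump(register($pdo, 'alice', 'other@example.test', 'x'));             // duplicate username
// The string from post #4 is bound as a literal username, not parsed as SQL.
var_dump(login($pdo, "a' OR 1 = 1 LIMIT 1", 'anything'));
var_dump(login($pdo, 'alice', 'correct horse'));                          // valid credentials
```

With a MySQL backend only the DSN and the CREATE TABLE syntax change; the prepared statements and password functions stay the same.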
There are some glaring security issues throughout the tutorial. I
wasn't saying that one should follow the tutorial exactly, only that I
learned from playing around with it.

Dec 19 '06 #5
