jamarchi

Sorry......but until today I could see all the msm.... Can some one tell me how can I fix this code in order to hava a good one.... Thank you very much

Yes you right..... sorry for that, but really.... I don't know waht to do or how to do....

I don't know how to say that.... but, Can some one, please , fix the code ? Thank you If you want contact to me in my msm

What is strip_tags() function? ???

Hi To all Thank you for your answers..... But, can you tell me what i have to do..... i very new in the secure topic in php and i have more than 3 month triying to create a good code..... Thank you...

Hi Everybody I've searched and changed this code, but I would like to know if this code is secure, Can someone please help me with that Index.php <table width=350 border=1 bgcolor=#3399FF> <?php //Se inicia la session session_start(); $username = $_SESSION['username']; $password = $_SESSION['password']; //Chequea si hay username y password if(!$username && !$password){ echo "Bienvenido Visitante! <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>"; }else{ echo "Bienvenido ".$username." (<a href=logout.php>Salir</a>)"; echo "Aqui va la parte protegida ? "; //echo "<table width=350 border=1 bgcolor=#3399FF>\n"; echo " <tr>\n"; echo " <td>Esta parte es protegida ?</td>\n"; echo " </tr>\n"; //echo "</table>\n"; } ?> </table> Login.php <?php session_start(); //Formulario para entrar function index(){ echo "<form action='?act=login' method='post'>" ."Username: <input type='text' name='username' size='30'><br>" ."Password: <input type='password' name='password' size='30'><br>" ."<input type='submit' value='Login'>" ."</form>"; } // Esta funcion chequea si la informacion es correcta function login(){ //Toma la informacion del formulario $username = $_REQUEST['username']; $password = $_REQUEST['password']; //conecta la base de datos $connect = mysql_connect("localhost", "root", ""); if(!$connect){ die(mysql_error()); } //Selecciona la base $select_db = mysql_select_db("base_nombre"); if(!$select_db){ die(mysql_error()); } //chequea si la informacion es correcta $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; $select_user = mysql_query("SELECT * FROM users WHERE id='$id'"); $row2 = mysql_fetch_array($select_user); $user = $row2['username']; if($username != $user){ die("Username incorrecto!"); } $pass_check = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id'"); $row3 = mysql_fetch_array($pass_check); $email = $row3['email']; $select_pass = mysql_query("SELECT * FROM users WHERE username='$username' AND id='$id' AND email='$email'"); $row4 = mysql_fetch_array($select_pass); $real_password = $row4['password']; if($password != $real_password){ die("Password incorrecto!"); } //Si todo es correcto crea las sesione y permite engresar session_register("username", $username); session_register("password", $password); echo "Bienvenido, ".$username." Para continuar de click aqui en el <a href=index.php>Index</a>"; } switch($act){ default; index(); break; case "login"; login(); break; } ?> Logout.php <?php session_start(); //Aqui se destruye la session session_destroy(); echo "Usted no esta logueado!, seleccione <a href=index.php>Index</a> o <a href=login.php>Ingresar</a>"; ?> REgister.php <?php //Muestra el formulario de registro function register_form(){ $date = date('D, M, Y'); echo "<form action='?act=register' method='post'>" ."Username: <input type='text' name='username' size='30'><br>" ."Password: <input type='password' name='password' size='30'><br>" ."Confirmar password: <input type='password' name='password_conf' size='30'><br>" ."Email: <input type='text' name='email' size='30'><br>" ."<input type='hidden' name='date' value='$date'>" ."<input type='submit' value='Register'>" ."</form>"; } //Registra la informacion del usuario function register(){ //Connecta la database $connect = mysql_connect("localhost", "root", ""); if(!$connect){ die(mysql_error()); } //Selectciona la database $select_db = mysql_select_db("data_name"); if(!$select_db){ die(mysql_error()); } //Informacion $username = $_REQUEST['username']; $password = $_REQUEST['password']; $pass_conf = $_REQUEST['password_conf']; $email = $_REQUEST['email']; $date = $_REQUEST['date']; //Apartir de aqui se empieza a chequear la informacion if(empty($username)){ die("Favor digitar su username!<br>"); } if(empty($password)){ die("Favor digitar su password!<br>"); } if(empty($pass_conf)){ die("Favor confirmar su password!<br>"); } if(empty($email)){ die("Favor digitar su email!"); } //Chequeamos que el username no este en uso $user_check = mysql_query("SELECT username FROM users WHERE username='$username'"); $do_user_check = mysql_num_rows($user_check); //Ahora chequeamos si el email no este en uso $email_check = mysql_query("SELECT email FROM users WHERE email='$email'"); $do_email_check = mysql_num_rows($email_check); //Mostramos errores if($do_user_check > 0){ die("Ese Username ya esta registrado!<br>"); } if($do_email_check > 0){ die("Ese email ya esta registrado!"); } //chequeamos que los passwords sean iguales if($password != $pass_conf){ die("Los password digitados son diferentes!"); } //Si todo esta bien, se agrega el usuario $insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')"); if(!$insert){ die("Hay un problema: ".mysql_error()); } echo $username.", ha sido registrado. muchas gracias!<br><a href=?act=login>Ingresar</a> | <a href=index.php>Index</a>"; } switch($act){ default; register_form(); break; case "register"; register(); break; } ?> Thank you for your help Regards,