FlyingIsFun1217 Posted April 21, 2008

Hey! Can anybody test this site to see if you can get access to my 'special page' by using the password login (not just... going there)? Right now, the main Phpfreaks.com site seems to be down, so I can't get to any tutorials to try and learn more security stuff.

FlyingIsFun1217

dptr1988 Posted April 21, 2008

If you would post the relevant portion of the script that handles the login, I could check it for security-related bugs.

FlyingIsFun1217 (Author) Posted April 21, 2008

Well, I know storing the password text-wise is bad, but right now, I've got no other way of doing it (want to keep it file-based). Is there a way of just storing the md5?

<?php
// Hash the password submitted by the login form
$passwordFromLogin = $_POST['passwrd'];
$passwordEncrypted = md5($passwordFromLogin);

// Site password kept in the script as plain text and hashed on each request
$passwordText = "text_form_of_password_saved_here";
$encryptedPass = md5($passwordText);

// Compare the two MD5 hex strings and redirect with client-side JavaScript
if ($passwordEncrypted == $encryptedPass) {
    echo '<script type="text/javascript">';
    echo 'window.location = "http://flyingisfun1217.freeweb7.com/gallery/mySpecialPage.php"';
    echo '</script>';
} else {
    echo '<script type="text/javascript">';
    echo 'window.location = "http://flyingisfun1217.freeweb7.com/gallery/error.php"';
    echo '</script>';
}
?>

Thanks!

FlyingIsFun1217

dptr1988 Posted April 21, 2008

Well, that login code looks very secure! I don't know of any way that it could be 'hacked' from a remote computer.

FlyingIsFun1217 (Author) Posted April 21, 2008

No sarcasm needed. What is its weak point(s)?

Thanks!

FlyingIsFun1217

dptr1988 Posted April 21, 2008

No sarcasm intended. I guess I didn't make myself clear. There are no weak points. The code is secure. It's perfect!

FlyingIsFun1217 (Author) Posted April 22, 2008

...ohh? I just assumed there would have been something that was not quite up to par.

Thanks!

FlyingIsFun1217

unidox Posted April 22, 2008

Try to experiment with sessions now, so you can stay logged in.

FlyingIsFun1217 (Author) Posted April 22, 2008

Actually, I'm using a stored MD5 hash (in a cookie) check against that of the site password. Might think about sessions later, but for now, I'll focus on getting my cookie check to work, and make sure my thumbnail (picture gallery I'm 'creating') generation works right.

Thanks again for your help, and sorry for being hasty in the one post

FlyingIsFun1217
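
Added example, not part of the thread and not any poster's code: a file-based login that stores only a salted hash, in answer to the "just storing the md5" question, and marks the login in a server-side session so that mySpecialPage.php can refuse visitors who simply go to its URL. It assumes PHP 7 or later; the `HASH_FILE` path and the `gallery_ok` session key are hypothetical names.

```php
<?php
// Added example (not from the thread). HASH_FILE is a hypothetical path;
// keep the file outside the web root so it cannot be downloaded.
const HASH_FILE = __DIR__ . '/../private/gallery_pass.hash';

// One-time setup from the command line: php login.php set 'the password'
function store_password(string $plain): void
{
    // password_hash() salts and stretches the password (bcrypt by default),
    // unlike a bare md5() of the password.
    file_put_contents(HASH_FILE, password_hash($plain, PASSWORD_DEFAULT), LOCK_EX);
    chmod(HASH_FILE, 0600);
}

function check_login(string $submitted): bool
{
    $stored = @file_get_contents(HASH_FILE);
    if ($stored === false) {
        return false; // no hash on disk: fail closed
    }
    // Constant-time verification; avoids a loose == between hash strings,
    // which PHP may compare as numbers when both look numeric.
    return password_verify($submitted, trim($stored));
}

if (PHP_SAPI === 'cli') {
    if (($argv[1] ?? '') === 'set' && isset($argv[2])) {
        store_password($argv[2]);
    }
    exit;
}

session_start();
$submitted = $_POST['passwrd'] ?? '';
if (is_string($submitted) && check_login($submitted)) {
    session_regenerate_id(true);     // fresh session id after a successful login
    $_SESSION['gallery_ok'] = true;  // server-side flag; no password hash in a cookie
    header('Location: mySpecialPage.php');
} else {
    header('Location: error.php');
}
exit;

// At the top of mySpecialPage.php, so the page itself enforces the login:
//   session_start();
//   if (empty($_SESSION['gallery_ok'])) { header('Location: error.php'); exit; }
```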