Jump to content

Login System Test.

skein

By skein
in Beta Test Your Stuff!

 Share

Recommended Posts

skein Member

skein

Posted
Posted

Is this script ok for a login system???

This script is was writen in the idea that it does't go to another page.

 

<?php

echo ("");

}

//////////////////////////////

//===session activation===//

session_start();

$_POST['logged']=trim($_POST['logged']);

if(isset($_POST['logged'])){

$logout=$_POST['logged'];

}

//===log out===//

if($logout=='Log Out'){

$_SESSION['username']=NULL;

session_destroy();

}

//===login check===//

if(isset($_POST['username']) && !isset($_SESSION['username'])){

//===space removal===//

$_POST['username']=trim($_POST['username']);

$id2=session_id();

//===username check===//

if($_POST['username']==""){

echo "<center>error: you didn't enter username<center>";

}

if($_POST['username']!=""){

//===session id check===//

if($id2==$_POST['id']){

$name=$_POST['username'];

$pass=$_POST['password'];

//===if user exists===//

$check = mysql_query("SELECT * FROM admin WHERE user=MD5('$name') and pass=MD5('$pass')");

if(mysql_num_rows($check)>0){

//===if check succesful loging in===//

$_SESSION['username']=$_POST['username'];

$_POST['username']=NULL;

}else{echo "<center>error: you entered a wrong username or password</center>";}

}else{

echo "error: attempt to enter from a remote server";

}

}

}

//===if admin loged in===//

if(isset($_SESSION['username'])){

echo("<center>");

echo ($_SESSION['username']);

echo("</center><br>");

$logout=false;

echo ("<center><form method=post>

<input type=submit value='Log Out' name='logged'></center>");

}else{

//===if admin not loged in===//

session_start();

$id=session_id();

echo ("<center><form method=post>

Username:<input type=text name='username'><br>

Password:<input type=password name='password'><br>

<input type=hidden name='id' value='$id'>

<input type=submit value='Log In'></center>");

}

?>

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

where to start....how about the top...

 

The following line is pointless, remove it

   echo ("");

 

In the following, you are setting $_POST['logged'] (which isn't good practice to begin with), but because of it, isset() will return true:

   $_POST['logged']=trim($_POST['logged']);
   if(isset($_POST['logged'])){
      $logout=$_POST['logged'];
   }

it should look more like this:

   if(isset($_POST['logged'])){
      $logout=trim($_POST['logged']);
   }

 

Again, don't modify values in POST. You use $name later anyways, so just set it earlier on:

   if(isset($_POST['username']) && !isset($_SESSION['username'])){
      //===space removal===//
      $name=trim($_POST['username']);
      $id2=session_id();
      //===username check===//
      if($name==""){
         echo "<center>error: you didn't enter username<center>";

 

also, make sure you use mysql_real_escape_string()

            $name=mysql_real_escape_string($name)
            $pass=mysql_real_escape_string($_POST['password']);
            //===if user exists===//
            $check = mysql_query("SELECT * FROM admin WHERE user=MD5('$name') and pass=MD5('$pass')");

 

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.