madk Posted May 20, 2008

This afternoon I tried to set up a simple single-page login form. The username and password are pulled from an include file and not a db. Does anyone notice any faults?

Hosted here: http://www.mattkris.com/admin/admin_login.php
Username: test
Password: dummy

Thanks in advance.

```php
<?php
session_start();
include_once("../config.php");

// Setup defaults
$error = "";

if (isset($_POST['admin_name']) && isset($_POST['admin_pass'])) {
    if (empty($_POST['admin_name'])) {
        $error .= "Please enter a username.<br />";
    }
    if (empty($_POST['admin_pass'])) {
        $error .= "Please enter a password.<br />";
    }
    if (!empty($_POST['admin_name']) && !empty($_POST['admin_pass'])) {
        if ($_POST['admin_name'] != USER_NAME || $_POST['admin_pass'] != USER_PASS) {
            // If login details don't match
            $error .= "Login Error";
        } else {
            // Login matches, set session and forward
            // ($user was never defined in the posted code; store the submitted name instead)
            $_SESSION['username'] = $_POST['admin_name'];
            $url = 'Location: ' . SITE_URL . 'admin/index.php';
            header($url);
            exit;
        }
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title><?php echo SITE_NAME; ?> - Admin Menu</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="style.css" />
<script type="text/javascript">
function focusit() {
    document.getElementById('admin_name').focus();
}
window.onload = focusit;
</script>
</head>
<body>
<div style="padding-top: 100px">
<form name="login" action="admin_login.php" method="post">
<?php if (!empty($error)) { ?>
<div class="notice">
<?php echo $error; ?>
</div>
<?php } ?>
<table class="login" cellspacing="0" cellpadding="5">
<tr bgcolor="#808080">
<td style="color:#FFFFFF"><b>Admin Login</b></td>
<td></td>
<td></td>
</tr>
<tr>
<td rowspan="3"></td>
<td>Username<br /></td>
<td><input type="text" id="admin_name" name="admin_name" value="" /></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" id="admin_pass" name="admin_pass" value="" /></td>
</tr>
<tr>
<td><input type="hidden" name="e" value="0" /></td>
<td><input type="submit" name="submit" value="Log In" /></td>
</tr>
</table>
</form>
</div>
</body>
</html>
```

Link to comment https://forums.phpfreaks.com/topic/106513-please-test-my-single-page-login-form-for-vulnerabilities/
947740 Posted May 20, 2008

Looks and tested fine.
smc Posted May 21, 2008

I would be careful with hard-coded passes. Off the bat I don't see anything immediately exploitable, but I'm far from a premo-hacker.
947740 Posted May 21, 2008

If you do switch over to a database, you will want to use mysql_real_escape_string() to sanitize the user input.
kbh43dz_u Posted May 31, 2008

I would at least save the hash of the password, not the plain text. If somebody can access your webserver (through a security issue, misconfiguration or anything else) he can read the pass.

Kind regards
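The hashed-credential version of the check from the first post, as an added example (not madk's code and not from any reply). It assumes that ../config.php defines USER_NAME and a hypothetical USER_PASS_HASH constant produced once by make_password_hash(); the HTML form from the original post is unchanged and omitted.

```php
<?php
// Added example: same single-file login, comparing against a stored hash
// rather than a plaintext USER_PASS constant.
// Assumes ../config.php defines USER_NAME and USER_PASS_HASH (hypothetical name).
session_start();
include_once("../config.php");

// Run once from the CLI and paste the output into config.php as
//   define('USER_PASS_HASH', '<output>');
// so the include file never holds the plaintext password.
function make_password_hash($plain) {
    return password_hash($plain, PASSWORD_DEFAULT);
}

// True only when both fields match. Both checks always run, and hash_equals()
// / password_verify() compare in constant time, so response timing does not
// reveal which field was wrong.
function credentials_valid($name, $pass) {
    $name_ok = hash_equals(USER_NAME, (string) $name);
    $pass_ok = password_verify((string) $pass, USER_PASS_HASH);
    return $name_ok && $pass_ok;
}

$error = "";
if (isset($_POST['admin_name'], $_POST['admin_pass'])) {
    if ($_POST['admin_name'] === '' || $_POST['admin_pass'] === '') {
        $error = "Please enter a username and password.";
    } elseif (!credentials_valid($_POST['admin_name'], $_POST['admin_pass'])) {
        // One generic message for either failure, so the form does not
        // confirm that a username exists.
        $error = "Login Error";
    } else {
        // Fresh session id after the privilege change (session fixation defence).
        session_regenerate_id(true);
        $_SESSION['username'] = USER_NAME;
        header('Location: ' . SITE_URL . 'admin/index.php');
        exit;
    }
}
// The form markup from the first post follows here; when echoing $error,
// use htmlspecialchars($error) so nothing reflected is treated as HTML.
```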
juliston Posted June 3, 2008

Seems to be working fine...