
How to secure log-in form


aeonsky


I keep trying to secure the log-in form with mysql escape, but it doesn't work for some reason. Can you please tell me how to properly secure this form against SQL injections? Here is the authorization code:

 

$action = $_REQUEST['action'];
$userform = $_REQUEST['userform'];
$passform = $_REQUEST['passform'];

if ($_SESSION['login'] != "yes" && $action == "check") {
    $dbhost = 'localhost';
    $dbuser = 'xxx';
    $dbpass = 'xxx';
    $dbname = 'xxx';
    $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql!');

    mysql_select_db($dbname, $conn);
    // $userform is placed into the query string without escaping
    $result = mysql_query("SELECT * FROM user WHERE username='$userform'");

    $row = mysql_fetch_array($result);
    if ($row['username'] == "") { echo "Wrong username!"; die; }
    $hash = md5(md5($passform) . $row['salt']);
    if ($hash != $row['password']) { echo "Wrong password!"; die; }

    $_SESSION['login'] = "yes";
    $_SESSION['user'] = $row['username'];
    mysql_close();

    header('Location: index.php');
}

 

Thank you!

https://forums.phpfreaks.com/topic/109985-how-to-secure-log-in-form/
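
The login check from the post above, rewritten with a bound parameter so the username never becomes part of the SQL text. This is an added example, not part of the original post; it assumes PDO with an in-memory SQLite database standing in for MySQL, and the `find_user` and `check_login` helpers and the sample row are constructed for illustration.

```php
<?php
// Added example: the same check with a prepared statement instead of string interpolation.
// Assumptions: PDO + SQLite (in-memory) stands in for the MySQL database; the `user`
// table layout follows the post, the row in it is constructed sample data.

function find_user(PDO $db, string $username): ?array
{
    // The placeholder keeps the value out of the SQL text, so quotes in it are only data.
    $stmt = $db->prepare('SELECT username, password, salt FROM user WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $username, string $password): bool
{
    $row = find_user($db, $username);
    if ($row === null) {
        return false;
    }
    // Same hash layout as the post: md5(md5(password) . salt).
    // hash_equals() compares in constant time and avoids loose "!=" string comparison.
    $hash = md5(md5($password) . $row['salt']);
    return hash_equals($row['password'], $hash);
}

// Constructed sample database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');
$salt = 'constructed-salt';
$ins = $db->prepare('INSERT INTO user (username, password, salt) VALUES (?, ?, ?)');
$ins->execute(['alice', md5(md5('correct horse') . $salt), $salt]);

var_dump(check_login($db, 'alice', 'correct horse'));  // valid credentials
var_dump(check_login($db, 'alice', 'wrong'));          // wrong password
var_dump(check_login($db, "alice' OR '1'='1", 'x'));   // quote is compared literally as a username
```

Against MySQL the same code runs with a `mysql:host=...;dbname=...` DSN and `PDO::ATTR_EMULATE_PREPARES` set to `false`. For new accounts, `password_hash()` and `password_verify()` replace the salted MD5 scheme, and `session_regenerate_id(true)` belongs right after a successful login.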