Jump to content

a more secure php login ...

imarockstar

By imarockstar
in PHP Coding Help

Recommended Posts

imarockstar Regular Member

imarockstar

Posted
Posted

I know there are a billion threads on this ..  but .

 

im not looking to make a SUPER SECURE login ... but I would like it to be a tad bit more secure than I have it .. maybe using magic quotes ??? But Im not sure how to do that lol ... anyway here is my code .. feel free to ripp me a new one for not bieng secure !!!!

 

 

<?

include('settings.php');

// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
session_destroy();



////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$username=$_POST['username'];
$md5_password=md5($_POST['password']); // Encrypt password with md5() function.



// Check matching of username and password.
$result=mysql_query("select * from users where username='$username' and password='$md5_password'");
if(mysql_num_rows($result)!='0'){ // If match.
session_register("username"); // Craete session username.
header("location:main.php"); // Re-direct to main.php
exit;
}else{ // If not match.
echo "--- Incorrect Username or Password ---";
}

} // End Login authorize check.
?>

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/134068-a-more-secure-php-login/
Share on other sites
revraz Member

revraz

Posted
Posted

You can use a salt in combination with MD5 to make the PW more secure.

You should use mysql_real_escape_string on your form variables.

 

http://us3.php.net/function.mysql-real-escape-string

 

Use $_SESSION instead of session_register.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.