Cooper94 Posted January 26, 2009

I know I have been asking loads of questions about security and I just wanted to know if this looked security tight. I do know that nothing will ever be 100%, but it would help if it was close! Thank you.

Code:

```php
<ul><li>
<center><font color="red">
<?php
if (isset($_POST['submit'])) {
    // username and password sent from form
    $password  = $_POST['password'];
    $password1 = $_POST['password1'];
    $name      = $_POST['name'];

    // To protect against MySQL injection (more detail about MySQL injection)
    $password  = stripslashes($password);
    $password  = mysql_real_escape_string($password);
    $password1 = stripslashes($password1);
    $password1 = mysql_real_escape_string($password1);
    $name      = stripslashes($name);
    $name      = mysql_real_escape_string($name);

    $hours = $_POST['hours'];
    $hours = stripslashes($hours);
    $hours = mysql_real_escape_string($hours);

    $enc = md5($password);

    if ($password != $password1) {
        echo "Password Does Not Match";
    } elseif ($name == "") {
        echo "Invalid Name";
    } elseif ($hours > 100) {
        echo "We Do Not Accept Hours Over 100";
    } else {
        $sql = mysql_query("INSERT INTO pilots (name, hours, password) VALUES ('$name','$hours','$enc')");
    }
}
?>
</font></center>
<form name="form1" method="post" action="http://www.republicv.org/site1/job.php?content=app">
<table width="531" height="552" border="0">
  <tr>
    <td colspan="6">Personal Information:</td>
  </tr>
  <tr>
    <td colspan="2"><div align="left">Name:</div></td>
    <td colspan="2"><label><input name="name" type="text" id="name2" value=""></label></td>
    <td width="53">Email:</td>
    <td width="215"><label><input name="email" type="text" id="email" value=""></label></td>
  </tr>
  <tr>
    <td width="48"> </td>
    <td width="56"> </td>
    <td colspan="2"> </td>
    <td> </td>
    <td> </td>
  </tr>
  <tr>
    <td colspan="2">Vatsim ID:</td>
    <td colspan="2"><label><input name="VATSIM_ID" type="text" id="VATSIM_ID" value=""></label></td>
    <td>Location:</td>
    <td><label>
      <select name="location">
        <option value="Afghanistan">Afghanistan</option>
        <!-- (left out the rest) -->
      </select>
    </label></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td colspan="2"> </td>
    <td> </td>
    <td> </td>
  </tr>
  <tr>
    <td colspan="6" bgcolor="#ffffff">Virtual Airline Experience:</td>
  </tr>
  <tr>
    <td colspan="2">VA Experience:</td>
    <td width="1"><label></label></td>
    <td width="108">
      <select name="experience">
        <option value="Yes">Yes</option>
        <option value="No">No</option>
      </select>
    </td>
    <td>Hours:</td>
    <td><label><input type="text" name="hours" /></label></td>
  </tr>
  <tr>
    <td> </td>
    <td rowspan="3"> </td>
    <td colspan="2" rowspan="3"> </td>
    <td rowspan="3"> </td>
    <td rowspan="3"> </td>
  </tr>
  <tr>
    <td>Resume:</td>
  </tr>
  <tr>
    <td> </td>
  </tr>
  <tr>
    <td colspan="6"><label>
      <textarea name="info" cols="40" rows="10" id="info">Include prior Virtual airlines, Talents and why you decided to join the VA</textarea>
    </label>
    <p> </p></td>
  </tr>
  <tr>
    <td colspan="6" bgcolor="#ffffff">Republic Virtual Information:</td>
  </tr>
  <tr>
    <td height="39" colspan="2">Desired Hub:</td>
    <td colspan="4"><label>
      <select name="hub">
        <option value="KPHL">Philadelphia International Airport</option>
        <option value="KDCA">Ronald Reagan National Airport</option>
        <option value="KIND">Indianapolis International Airport</option>
        <option value="KPIT">Pittsburgh International Airport</option>
      </select>
    </label></td>
  </tr>
  <tr>
    <td height="18" colspan="2">Desired Password:</td>
    <td colspan="4"><label><input name="password" type="password" id="password" value=""></label></td>
  </tr>
  <tr>
    <td height="18" colspan="2">Validate Password:</td>
    <td colspan="4"><label><input name="password1" type="password" id="password1" value=""></label></td>
  </tr>
  <tr>
    <td height="18" colspan="2">Age:</td>
    <td colspan="4"><label>
      <select name="age">
        <option value="Below 13">-13</option>
        <option value="Above 13">+13</option>
      </select>
    </label></td>
  </tr>
  <tr>
    <td height="20" colspan="2"> </td>
    <td colspan="4"> </td>
  </tr>
  <tr>
    <td height="20" colspan="2"> </td>
    <td colspan="4"><label><input type="submit" name="submit" title="Submit" id="btnLogin" value="Login" class="button" /></label></td>
  </tr>
</table>
</form>
</li></ul>
```
premiso Posted January 26, 2009

I would suggest against storing the password in the session. Also, mysql_close is not needed. I would also set a unique variable like "loggedin" in the session and use that for verification purposes. If you want to use that in a more secure manner, set a hash to be logged in, maybe the time they logged in and their username, store that in the DB and reference it to verify they are logged in properly.

I would also change your query to be this:

```php
$sql = mysql_query("SELECT name FROM pilots WHERE username='$username' and password='$enc' LIMIT 1");
```

Limit it by 1 so only that user is returned, and since you are only using "name" from the db, only return that data to save on processing time etc.

Other than that I would say the security is decent. Better than most.
MadTechie Posted January 26, 2009

stripslashes() isn't needed unless you have magic quotes on..

```php
if (get_magic_quotes_gpc()) {
    $password1 = stripslashes($password1);
}
```

ALSO remember: no matter how secure the door is, it's no good if you leave the window open!
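A hardened version of the handler in the first post, added here as an example and not code from Cooper94 or the forum: PDO prepared statements make the stripslashes()/mysql_real_escape_string() step MadTechie discusses unnecessary, password_hash() replaces md5(), and the hours check runs on an integer instead of a string. The table and columns (pilots: name, hours, password) are from the post; the DSN, credentials and the 8-character minimum are assumptions, and password_hash() needs PHP 5.5 or later.

```php
<?php
// Added example, not Cooper94's code: the registration handler above rewritten with a
// prepared statement and a salted password hash. Table/columns (pilots: name, hours,
// password) come from the post; DSN and credentials are placeholders. The password
// column must hold at least 60 characters for password_hash() output.
function connect(): PDO {
    return new PDO('mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4', 'YOUR_USER', 'YOUR_PASS',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
}
// Server-side validation; returns a list of error messages (empty means ok).
function validate(array $post): array {
    $errors = [];
    $name = trim((string) ($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 64) {
        $errors[] = 'Invalid Name';
    }
    // Check hours as an integer in range; the original compared $hours > "100" as strings.
    $hours = filter_var($post['hours'] ?? '', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0, 'max_range' => 100]]);
    if ($hours === false) {
        $errors[] = 'We Do Not Accept Hours Over 100';
    }
    $pw = (string) ($post['password'] ?? '');
    if ($pw !== (string) ($post['password1'] ?? '')) {
        $errors[] = 'Password Does Not Match';
    } elseif (strlen($pw) < 8) {          // assumed minimum length, not from the post
        $errors[] = 'Password must be at least 8 characters';
    }
    return $errors;
}

function register(PDO $pdo, array $post): void {
    // Bound parameters travel separately from the SQL text, so no stripslashes() or
    // mysql_real_escape_string() step is needed and the escaping cannot be forgotten.
    $stmt = $pdo->prepare('INSERT INTO pilots (name, hours, password) VALUES (:name, :hours, :password)');
    $stmt->execute([
        ':name'     => trim($post['name']),
        ':hours'    => (int) $post['hours'],
        ':password' => password_hash($post['password'], PASSWORD_DEFAULT), // salted, slow; not md5()
    ]);
}

if (isset($_POST['submit'])) {
    $errors = validate($_POST);
    if ($errors) {   // escape on output so the error text cannot inject HTML into the page
        echo '<p style="color:red">' . htmlspecialchars(implode('; ', $errors)) . '</p>';
    } else {
        register(connect(), $_POST);
    }
}
```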