common Posted November 16, 2010

Hey ppl

I have a login script that I found in a PHP MySQL book. And yesterday I realized that it is easy to hack this script as it uses session variables and it can use cookies. Does anyone have a login script for me that is secure and easy to implement? It would really help!

Thanks

rwwd Posted November 16, 2010

There are loads of freebies out there, it just depends on the level of security that you're wanting; search for "php class repository" on Google, sign up (it's free) and have a look in there. I quite often go in there and then take a few, and cobble the best bits together.

BUT, if you're wanting to learn, there is nothing like starting with a new document and writing a login class from scratch. Then at least you can track what happens and add new methods as you find you need them.

Rw

Rifts Posted November 16, 2010

http://www.phpeasystep.com/phptu/6.html

PFMaBiSmAd Posted November 16, 2010

^^^ The problem with posting links to scripts is there is no way to tell if they meet the requirements that the OP is looking for (the best person to find a script that meets all their requirements is the person looking for the script.) Also, there are just a HUGE amount of outdated and insecure php scripts posted all over the Internet where the only concern of the site posting them is revenue from ads and links you might click on while visiting the site.

@Rifts, the link you posted has the following problems and should not be used as is -

1) The passwords are not hashed/encrypted when stored in the database. That site only suggests hashing the passwords by including a link near the end of that page.

2) The script is 8+ years out of date (uses session_register and session_is_registered instead of $_SESSION variables) and won't work on most current php installations.

3) The code is unconditionally using stripslashes() on the form data without testing if the setting that would require that step to be performed is ON.

4) The code is inconsistently using some short open tags along with full open tags. Only full open tags should be used in any code, especially code posted as being a 'guide' to doing anything in php, to ensure you don't waste time trying to get it to work on any particular server or when moving to a different server.

5) The code that is to be put on any page to test if the current visitor is logged in is not secure, because there is no exit;/die; statement after the header redirect to prevent the 'secured' content on the page from being accessed. Any hacker can bypass the login check code and access the protected page.

6) The tutorial incorrectly implies that for php5 you must do something different to one part of the code.
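
Points 1 and 5 from the list above, as an added example that is not code from this thread or from the linked tutorial: a login check against a stored password hash and a page guard that stops the script after the redirect. The `$users` array (a stand-in for the database lookup, with a constructed account), the `login.php` target and the function names are assumptions; it needs PHP 7 or later.

```php
<?php
session_start();

// Constructed sample data standing in for a database row (assumption).
// Point 1: only the hash is stored, never the plaintext password.
$users = [
    'alice' => password_hash('correct horse battery', PASSWORD_DEFAULT),
];

// Hypothetical helper: returns true and marks the session as logged in
// only when the submitted password matches the stored hash.
function attempt_login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh session id at login
    $_SESSION['user'] = $name;     // $_SESSION, not session_register()
    return true;
}

// Hypothetical guard, called at the top of every protected page.
function require_login(): void
{
    if (empty($_SESSION['user'])) {
        // header() only queues a response header; the script keeps running.
        header('Location: login.php');
        // Point 5: without exit, everything below the guard is still
        // executed and sent to any client that ignores the redirect.
        exit;
    }
}

// Usage on a protected page:
//   require_login();
//   echo 'members-only content';
```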