master82 Posted October 24, 2006 Share Posted October 24, 2006 Hello - I've created a rather messy user authentication script that is used once a user fills out the login form...[code]<?php//start sessionssession_start();//Delete current sessionsif($_SESSION['userid']){unset($_SESSION['userid']);}if($_SESSION['employ']){unset($_SESSION['employ']);}//call connection datainclude("db.php");//check username field populatedif($_POST['user'] == "") {die("No username entered");}//check password field populatedif($_POST['password'] == "") {die("No password entered");}//convert password to md5$securepass = md5($_POST['password']);//check username matches password$checkit = "SELECT userid FROM users WHERE username = '".$_POST['user']."' AND password = '$securepass'";$result = mysql_query($checkit,$db) or die("Details incorrect");while ($newArray = mysql_fetch_array($result)) {$userid = $newArray['userid'];$banned = $newArray['banned'];}//check if bannedif (mysql_num_rows($result) == 1) {if ($banned > 0 ) {die("You are currently banned for another $banned days");}//create session data$_SESSION['userid'] = $userid;$_SESSION['employ'] = 1;//set ip$ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];//set session id$sesid = session_id();//update ip in user table$updateip = mysql_query("Update users SET lastip = '$ip' WHERE username = '".$_POST['user']."' AND password = '$securepass'");//update last active in user table$updateactive = mysql_query("Update users SET lastactive = unix_timestamp() WHERE username = '".$_POST['user']."' AND password = '$securepass'");//update session id in user table$updatesid = mysql_query("Update users SET sessionid = '$sesid' WHERE username = '".$_POST['user']."' AND password = '$securepass'");//all checks complete - redirectheader("Location: home.php");}else{//fail - redirect back to login pageheader("Location: index.php");}?>[/code]Is there anything I could add to make it more secure or to prevent possible hacks or forced entry?Thanks in advance Quote Link to comment Share on other sites More sharing options...
Shad Posted October 24, 2006 Share Posted October 24, 2006 try to use elseif, its faster and easier. Also, dont insert data straight from a post into the database, you can be easily SQL injected. for example, [code=php:0]$checkit = "SELECT userid FROM users WHERE username = '".$_POST['user']."' AND password = '$securepass'";[/code]should be[code=php:0]$user = htmlspecialchars($_POST['user']);$checkit = "SELECT userid FROM users WHERE username = '$user' AND password = '$securepass'";[/code][/code]and for here:[code=php:0]$updateip = mysql_query("Update users SET lastip = '$ip' WHERE username = '".$_POST['user']."' AND password = '$securepass'");//update last active in user table$updateactive = mysql_query("Update users SET lastactive = unix_timestamp() WHERE username = '".$_POST['user']."' AND password = '$securepass'");//update session id in user table$updatesid = mysql_query("Update users SET sessionid = '$sesid' WHERE username = '".$_POST['user']."' AND password = '$securepass'");//all checks complete - redirect[/code]make it all in one:[code=php:0]$update = mysql_query("Update users SET lastip = '$ip',lastactive = unix_timestamp(),sessionid = '$sesid' WHERE username = '".$_POST['user']."' AND password = '$securepass'");[/code] Quote Link to comment Share on other sites More sharing options...
alpine Posted October 24, 2006 Share Posted October 24, 2006 Like this:[code]<?phpsession_start();if(isset($_SESSION['userid'])) $_SESSION['userid'] = null;if(isset($_SESSION['employ'])) $_SESSION['employ'] = null;include("db.php");if(!empty($_POST['user']) || !empty($_POST['password'])){$username = htmlspecialchars($_POST['user']);$securepass = md5($_POST['password']);$checkit = mysql_query("SELECT userid,banned FROM users WHERE password = '$securepass' AND username = '$username'");if(mysql_num_rows($checkit) <> 1){ die("No valid user found");}else{$newArray = mysql_fetch_array($checkit);$userid = $newArray['userid'];$banned = $newArray['banned'];if ($banned > 0 ) die("You are currently banned for another $banned days");$_SESSION['userid'] = $userid;$_SESSION['employ'] = 1;$ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];$sesid = session_id();$update = mysql_query("Update users SET lastip = '$ip',lastactive = unix_timestamp(),sessionid = '$sesid'WHERE username = '$username' AND password = '$securepass'");if($update){header("Location: home.php");exit();}else{die("Login failed to complete, try again");}}}else{header("Location: index.php");}?>[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.