[SOLVED] Is This Weak?

[genics]

hi folks,

 

I've created a login/session script using a tutorial I dug out of somewhere.

 

Anyway, here's my script:

 

<?php

session_start();

$errorMessage = '';

if (isset($_POST['username']) && isset($_POST['password'])) {

include('dbconnect.php');

 

$username = $_POST['username'];

$password = $_POST['password'];

 

$sql = "SELECT user_id FROM auth_user WHERE user_id = '$username' AND user_password = '$password'";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

 

if (mysql_num_rows($result) == 1) {

// Start Session

$_SESSION['logged_in'] = true;

header('Location: index.php');

exit;

} else {

$errorMessage = 'Login Incorrect';

}

include('dbdisconnect.php');

}

?>

 

My table is a simple 2 column table:

 

user_id  |  varchar  | 10 | Primary Key

user_password  |  varchar  | 32

 

 

Is there anyway to make this any more secure? Or is this fine?

 

[cmgmyr]

You should probably also do something like this too:

$safe_username = mysql_real_escape_string($_POST['username']);
$safe_password  = mysql_real_escape_string($_POST['password']);

[genics]

Thanks for replying

 

I'm not familiar with that, what does that exactly do?

Also, what about encrypting the passwords in the database itself?

[cmgmyr]

it cuts down on SQL injection attaks to your DB.

 

You should also use MD5 encryption for your passwords in your database.

 

$md5_pass = md5($password);

[genics]

Cool, I'll go with md5. How would I use the anti-injection script?

[cmgmyr]

Just do what I did with mysql_real_escape_string