User authentication


biscoe916


I wrote a script to authorize users upon entry to my website. It works perfectly, but I was wondering if you guys could take a look at my code to see if there are any security holes.

 

Code:

 

<?php
session_start();
header("Cache-control: private");
include("connect.php");

// No logged-in session and no submitted form: show the login form and stop.
if(!$_SESSION["username"] && !$_POST["loginsubmit"])
{
	echo "Please log in"; ?>
	<form class="memberform" name="login_form" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
		Username: <input id="stextBox" type="text" name="username" /> <br />
		Password:
		<input id="stextBox" type="password" name="password" />
		<br />
		<input type="submit" name="loginsubmit" value="Submit" />
	</form>
	<?php
	exit;
}

// Form submitted: look for a row matching the username and the MD5 of the password.
if($_POST["loginsubmit"])
{
	$username = $_POST["username"];
	$password = md5($_POST["password"]);

	$sql = "SELECT * FROM users WHERE username='". $username ."' AND password='". $password ."'";
	$result = mysql_query($sql);

	$num = mysql_num_rows($result);

	if($num < 1)
	{
		// No matching row: drop the session and stop.
		session_destroy();
		echo "Invalid username and/or password.";
		exit;
	}
	else
	{
		// Matching row: register the username and password hash in the session.
		session_register("username");
		session_register("password");

		$records = mysql_fetch_array($result);

		// Accounts that have not been activated are rejected.
		if($records["active"] != 1)
		{
			session_destroy();
			echo "Sorry ". $records["fname"]. " your account hasn't been activated yet.";
			exit;
		}
	}

} // if form submitted

?>


Archived

This topic is now archived and is closed to further replies.
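
An added example, not part of the original post or the poster's code: a hardened form of the same login check. It addresses what the posted script does with its input: the username is concatenated into the SQL string, the password is stored as unsalted MD5, the password hash is registered in the session, and `fname` is echoed unescaped. Assumptions: PHP 7.4+ with the pdo_sqlite driver, a `password_hash` column in place of `password`, and the hypothetical helper names `authenticate()` and `login()`; the table contents are constructed sample data.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.4+ with pdo_sqlite;
// the in-memory table and the accounts below are constructed sample data.
function authenticate(PDO $db, string $username, string $password): ?array
{
    // Bound parameter: the username is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT username, fname, password_hash, active FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Salted, slow hash checked in PHP instead of unsalted MD5 compared in SQL.
    // The dummy hash keeps the work similar when the username does not exist.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);
    return ($row && $ok) ? $row : null;
}

function login(PDO $db, string $username, string $password): string
{
    $user = authenticate($db, $username, $password);
    if ($user === null) {
        return 'Invalid username and/or password.';
    }
    if ((int)$user['active'] !== 1) {
        // Escape stored values before they reach HTML output.
        return 'Sorry ' . htmlspecialchars($user['fname'], ENT_QUOTES, 'UTF-8')
             . ', your account has not been activated yet.';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session ID after login
    }
    $_SESSION['username'] = $user['username']; // identity only, never the password
    return 'Logged in as ' . htmlspecialchars($user['username'], ENT_QUOTES, 'UTF-8');
}

// Constructed demo data so the example runs offline from the CLI.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, fname TEXT, password_hash TEXT, active INTEGER)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
$ins->execute(['alice', 'Alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$ins->execute(["o'neil", 'Pat', password_hash('battery staple', PASSWORD_DEFAULT), 0]);

echo login($db, 'alice', 'correct horse'), "\n";   // active account, right password
echo login($db, "o'neil", 'battery staple'), "\n"; // quote in the name is plain data; inactive
echo login($db, 'alice', 'wrong'), "\n";           // wrong password
echo login($db, 'nobody', 'x'), "\n";              // unknown user, same message
```

In a web request, call `session_start()` before `login()` so the session ID is regenerated when the login succeeds.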
