Is This A Good Script? A login script
Ojkatii
post Aug 9 2007, 05:53 PM
Post #1





Okay, I am trying to password one page of my website. I need confirmation if this is a safe code or not. The whole code is on the page I'm protecting.

CODE
<?php include('header.php') ?>

<?php

// Define your username and password
$username = "THE_USERNAME";
$password = "THE_PASSWORD";

if ($_POST['txtUsername'] != $username || $_POST['txtPassword'] != $password) {

?>
<h1>Login</h1>
<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div align="center">
<center>
<table border="0" cellpadding="5" cellspacing="0">
<tr>
<td><label for="txtUsername">Username</label>
</td>
<td><input type="text" title="Enter your Username" name="txtUsername" /></td>
</tr>
<tr>
<td><label for="txtpassword">Password</label>
</td>
<td><input type="password" title="Enter your password" name="txtPassword" /></td>
</tr>
</table>
</center>
</div>
<p align="center"><input type="submit" name="Submit" value="Login" /></p>
</form>

<?php
}
else {
?>

The stuff being protected here....

<?php } ?>

<?php include('footer.php') ?>


Is this a safe script, or could someone possibly discover the username and password?
shadowx
post Aug 9 2007, 09:45 PM
Post #2





It seems good to me. I have a comment though: I think you should check that the username and password input doesn't contain malicious code. You could use strip_tags or make your own cleaning script. It's not a massive concern as there's no database involved, but I think it would be possible for an adept coder to inject code by entering it in the username/password box on the form.

Other than this it seems fine to me. I'm not saying it's 100% safe, nothing really is, but I would feel happy about using it on my site.

Ojkatii
post Aug 10 2007, 01:08 AM
Post #3





Okay, thanks! All I needed was confirmation that it is somewhat safe. And thanks for the comments.
jlhaslip
post Aug 10 2007, 01:51 AM
Post #4





Instead of using an assignment for the user name and password, check out the Define function. http://ca3.php.net/manual/en/function.define.php
It adds a little bit to the security because "defined" values can not be modified by the script, so it would eliminate one possible security risk.

Also, the first rule of using data from Forms is "NEVER TRUST USER INPUT". Always check the data to be certain it is not harmful.
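A hardened variant of the page from post #1, as an added example that is not code from any poster in this thread. It applies the two points made in post #4 (credentials held in constants, posted fields checked before use), stores only a password hash, and escapes the form action. The constant names, the LOGIN_PASSWORD_HASH environment variable and the session key are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumed names: LOGIN_USER, LOGIN_HASH,
// the LOGIN_PASSWORD_HASH environment variable, and the 'authed' session key.

// Constants cannot be reassigned later in the script (the define() advice above).
define('LOGIN_USER', 'THE_USERNAME');
// A hash made once with password_hash(); the plaintext never appears in this file.
define('LOGIN_HASH', (string) getenv('LOGIN_PASSWORD_HASH'));

function credentials_ok($user, $pass): bool
{
    // Never trust user input: a field posted as txtUsername[] arrives as an array.
    if (!is_string($user) || !is_string($pass) || LOGIN_HASH === '') {
        return false;
    }
    // Run both checks before combining, so timing does not show which field failed.
    $userOk = hash_equals(LOGIN_USER, $user);
    $passOk = password_verify($pass, LOGIN_HASH);
    return $userOk && $passOk;
}

// Must run before any output, so before header.php is included.
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && credentials_ok($_POST['txtUsername'] ?? null, $_POST['txtPassword'] ?? null)) {
    session_regenerate_id(true); // new session ID once the user is authenticated
    $_SESSION['authed'] = true;
}

if (empty($_SESSION['authed'])) {
    // PHP_SELF reflects the request path, so escape it before writing it into HTML.
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    ?>
    <h1>Login</h1>
    <form method="post" action="<?php echo $action; ?>">
      <label for="txtUsername">Username</label>
      <input type="text" id="txtUsername" name="txtUsername" />
      <label for="txtPassword">Password</label>
      <input type="password" id="txtPassword" name="txtPassword" />
      <input type="submit" name="Submit" value="Login" />
    </form>
    <?php
} else {
    echo 'The stuff being protected here....';
}
```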
Codemaster Snake
post Aug 26 2007, 12:31 PM
Post #5





I would say that this is not a secure script. Anybody can easily hack into this script by linking this with another script on some other terminal.

He can easily modify the variables as they are defined globally. So, I won't recommend it.
Stenno
post Sep 29 2007, 10:59 AM
Post #6





Use the strtolower() function to make your login script NOT case-sensitive. Case-sensitive login systems are safer but could be annoying for the visitor.


if (strtolower($_POST['txtUsername'])!= strtolower($username) || strtolower($_POST['txtPassword']) != strtolower($password)) {
Dok7as
post Oct 6 2007, 09:10 AM
Post #7





I think it is a good script
mahirharoon
post Nov 26 2007, 11:47 AM
Post #8





It should be 100% safe, because if the script is server-side, the server turns it into HTML and sends it to the browser; when we open view source, it shows the page content. But the problem comes when linking: the hacker right-clicks and chooses "Save target as". To solve the problem, the page which contains the link should be in any server-side language, or Flash or Java.
EDITED BECAUSE:no grammar

This post has been edited by mahirharoon: Nov 26 2007, 12:20 PM
de4thpr00f
post Nov 27 2007, 01:13 AM
Post #9





Well, I can't say it's easy to hack and that anyone can break the code. Try to include the login part from another file; that way it will be more secure. You can also add another security measure: a DB. The form confirms the user against the DB, and the connection is made from another PHP file, and voilà, a headache for hackers =)
online
post Dec 20 2007, 08:14 PM
Post #10

