$log_data = mysql_query("SELECT * FROM members WHERE username='$username' and password='$password'");
$log_check = mysql_num_rows($log_data);
if ($log_check != 1) { .......
I thought of using the JavaScript method of "redirecting" pages, however, I am concerned for those who may have JavaScript disabled.
Okay, I switched it up a little bit, but now I am left with another issue....
I am using an IF ELSE statement which basically says:
If user is NOT logged in, display the login form, if user IS logged in successfully, display member page.
$username = $_POST['Username'];
$password = md5($_POST['Password']);
$log_data = mysql_query("SELECT * FROM members WHERE username='$username' and password='$password'");
$log_check = mysql_num_rows($log_data);
Now for the REAL concerns...
md5 is no longer cryptographically suitable for passwords. Never use it for hashing passwords. You can use sha1, but it is speculated that it will soon suffer the fate of md5. I recommend using no less than sha256. Read the PHP manual on the hash() function, and choose a strong algorithm.
Your code is vulnerable to SQL injection. You MUST escape all data before sending it to the database. Read the PHP manual on mysql_real_escape_string.
If it's available, you should use the mysqli extension, rather than the mysql extension. They both do the same thing, but mysqli offers some benefits. Mysqlnd would be best, but it will probably take time before it's available on most web hosts.
You should check the existence of foreign data before happily using it, otherwise you may throw notices. Plus, it's just good practice.
You should use the SQL LIMIT clause when you only expect a certain number of results. For example, you should only expect 1 user to be returned by your login script, so use LIMIT 1.
You should also get in the habit of terminating your queries with a semicolon. MySQL doesn't support multiple queries per request, but other databases do.
A MySQL query will return false if there was an error. Check to make sure your query did not fail before using it.
You should probably validate your data before using it as well. What is the point of running a query if the username is blank? Does your system allow a blank username? How about a username of "ò"?
$username = (isset($_POST['Username'])) ? $_POST['Username'] : "";
$password = (isset($_POST['Password'])) ? hash('sha512', $_POST['Password']) : "";
# Validate data here
if(empty($username)) {
    # Username is blank. Kill the script and present the user with an error message.
    die("Please enter a username.");
}
# Note the closing parenthesis of sprintf() comes after the escaped arguments,
# otherwise they would be passed to mysql_query() instead of filling the %s placeholders.
$log_data = mysql_query(sprintf("SELECT * FROM `members` WHERE `username`='%s' and `password`='%s' LIMIT 1;",
    mysql_real_escape_string($username),
    mysql_real_escape_string($password)));
if($log_data) {
    $log_check = mysql_num_rows($log_data);
} else {
    // Query Failed. Handle the error.
    die("Login query failed: " . mysql_error());
}
Last edited by flying_circus on Fri Feb 19, 2010 1:17 pm, edited 1 time in total.
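The hardened login flying_circus describes, as an added example that is not code from this thread: it uses PDO with an in-memory SQLite table standing in for the MySQL members table so it runs offline (assumed columns: username, password; against MySQL only the DSN changes), a prepared statement in place of escaping values into the query string, and password_hash()/password_verify() as a swapped-in replacement for the unsalted hash('sha512') above.

```php
<?php
// Added example, not from the thread. PDO + in-memory SQLite is an assumption
// chosen so the script runs without a database server.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE members (username TEXT UNIQUE, password TEXT)");
    // Constructed sample user. password_hash() salts and stretches the hash,
    // so two users with the same password do not share a stored value.
    $ins = $db->prepare("INSERT INTO members (username, password) VALUES (?, ?)");
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns true only for a valid username/password pair.
function login(PDO $db, array $post): bool {
    // Check existence before use, so a missing field never throws a notice.
    $username = isset($post['Username']) ? (string) $post['Username'] : '';
    $password = isset($post['Password']) ? (string) $post['Password'] : '';
    // Validate before touching the database: no blank name, a sane length,
    // and only the characters the registration form would have accepted
    // (this is where a username like "ò" is rejected).
    if ($username === '' || strlen($username) > 64
        || !preg_match('/^[A-Za-z0-9_.-]+$/', $username)) {
        return false;
    }
    if ($password === '') {
        return false;
    }
    // The placeholder sends the value out of band: a quote in $username is
    // data, never SQL. LIMIT 1 because at most one row is expected.
    $stmt = $db->prepare("SELECT password FROM members WHERE username = ? LIMIT 1;");
    if ($stmt === false || !$stmt->execute([$username])) {
        return false; // query failed: treat as not logged in, log the error server-side
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such user
    }
    // Compare against the stored salted hash instead of hashing in the query.
    return password_verify($password, $row['password']);
}

$db = make_db();
var_dump(login($db, ['Username' => 'alice', 'Password' => 'correct horse']));
var_dump(login($db, ['Username' => 'alice', 'Password' => 'wrong']));
var_dump(login($db, ['Username' => "o'brien", 'Password' => 'x']));
var_dump(login($db, []));
```

Only the first call succeeds; the name with a quote fails validation and, even if it were allowed through, would reach the prepared statement as a plain value.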
This is a learning experience for me (so far I LOVE it!).
I understand that PHP has quite a few vulnerabilities, and I was quite worried about that as I really don't know how to combat them.
Thank you for posting some methods in solving those vulnerabilities!
I will continue using this Thread if I have any other questions / concerns regarding this project of mine.