Is My Script Secure
Posted: Thu Aug 15, 2002 1:38 am
I have written this script to validate people wanting to look at the members only pages. I was just wondering if there was some sort of obvious security risk that I have overlooked.
Please tell me any bad sides to my script as I want to get it right before I start using it.
Thanks in advance
Code:
<?php include('header.php'); ?>
<?php
//start the session
session_start();
//Encrypting the password so it's ready to be compared with the encrypted password stored in the database
$encryptedpassword = md5($password);
// Connecting, selecting database
$dbconn = mysql_connect("localhost", "user", "password") or die("Could not connect to MySQL Server");
mysql_select_db("work") or die("Could not select MySQL database");
//query the user and pass
$sql = "SELECT user_id FROM members WHERE username='$username' && password='$encryptedpassword'";
$result = mysql_query($sql) or die("Query Failed at user checking stage". mysql_error());
//if they have entered the correct user and pass register the session variables
if (mysql_num_rows($result) > 0)
{
    $valid_user = $username;
    session_register("valid_user");
    echo "You Have Been Validated. <a href=\"next.php\">Click Here To Continue</a>";
} else {
    //else give them an error
    echo "You either entered the wrong username / password combination or you are not a valid user\n <a href=\"membership.php\">Click Here To Go Back</a>";
}
?>
<?php include('footer.php'); ?>
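
For comparison, the same login check with the form input read explicitly from $_POST, a bound query parameter instead of string interpolation, and password_hash()/password_verify() in place of md5(). This is an added example, not part of the original post; it assumes PDO with the MySQL driver, a members.password column that stores password_hash() output, and form fields named username and password (post_string and check_login are hypothetical helper names).

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with the MySQL driver,
// members.password stores password_hash() output, and the login form POSTs
// fields named "username" and "password".
declare(strict_types=1);

// Read one POST field as a string; arrays and missing fields become ''.
function post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
}

function check_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username is sent as data, never as SQL text.
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored)) {
        // Unknown user: still spend one hash computation, then fail.
        password_hash($password, PASSWORD_DEFAULT);
        return false;
    }
    return password_verify($password, $stored);
}

session_start(); // before any output, so the session cookie header can be sent

$db = new PDO('mysql:host=localhost;dbname=work;charset=utf8mb4', 'user', 'password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$username = post_string('username');
$ok = check_login($db, $username, post_string('password'));
if ($ok) {
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['valid_user'] = $username;
}

include 'header.php';
if ($ok) {
    echo 'You Have Been Validated. <a href="next.php">Click Here To Continue</a>';
} else {
    echo 'Wrong username / password combination. <a href="membership.php">Click Here To Go Back</a>';
}
include 'footer.php';
```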