Username and Password Exposed
Moderator: General Moderators
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
- Contact:
definantly thru a form
a form using POST
a form using POST
Code: Select all
<form method="post">
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
What's the use of the trailing (/) at the end of each input?hob_goblin wrote:definantly thru a form
a form using POST
Code: Select all
<form method="post"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="Login" /> </form>
Why dont you just create a cookie thats checked in the header :
then in the page you want to be protected
Code: Select all
$StrSQL = "SELECT * FROM unz_users WHERE username = '$HTTP_COOKIE_VARSїusername]' AND password = '$HTTP_COOKIE_VARSїpassword]'";
$StrResult = mysql_query($StrSQL);
$row = mysql_fetch_assoc($StrResult);
$rank = $rowїrank];Code: Select all
if (mysql_num_rows($StrResult) <= 0)
{echo "<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr> ......} else {}use md5() or crypt() to cover your password string
everytime you handle password you should use the md5 or crypt function...
see the example below:
********
<?
$md5 = md5("hello");
echo $md5 . "<br>\n";
$password = "hello";
$pass = crypt($password, "xx");
echo $pass;
?>
********
see the example below:
********
<?
$md5 = md5("hello");
echo $md5 . "<br>\n";
$password = "hello";
$pass = crypt($password, "xx");
echo $pass;
?>
********
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
It's XHTML as opposed to HTML. In XHTML (which is the latest version of HTML) all tags have to be closed either with a specific closing tag:phice wrote:What's the use of the trailing (/) at the end of each input?hob_goblin wrote:definantly thru a form
a form using POST
Code: Select all
<form method="post"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="Login" /> </form>
Code: Select all
<p>Text</p>Code: Select all
<img src="blah.gif" width="x" height="y" />
<br />
<hr />Mac
-
Fallen_Angel
- Forum Newbie
- Posts: 3
- Joined: Fri Aug 30, 2002 1:41 pm
Re: Login!
Code: Select all
// sets cookies mmmmmm cookies....................
// I think to check them both it is && but I am not shure!
// so if it works it checks for username and password
// and if there is no user / pass make set user and password!
if (!$http_cookies_varsїusername] && !$http_cookies_varsїpassword])
{
setcookie("username", "$user", "+3600"); // set by cookie name stran time
setcookie("password", "$pass", "+3600");
}
else {
// now check to see if user and password are real if not then comeback
// with nothing!
$StrSQL = "SELECT * FROM unz_users WHERE username = '$HTTP_COOKIE_VARSїusername]' AND password = '$HTTP_COOKIE_VARSїpassword]'";
$StrResult = mysql_query($StrSQL);
$row = mysql_fetch_assoc($StrResult);
}
// get user and password from cookies that are set!
$usercoo=$HTTP_COOKIE_VARSїusername];
$passcoo=$HTTP_COOKIE_VARSїpassword];
$passcoo=md5($passcoo);
print "welcome $usercoo your password is $passcoo (encrypted)";