Posted: Thu Sep 05, 2002 2:53 pm
by twigletmac
But how does the user tell you their username and password for you to put it in a cookie, or check it against something in a database?

Mac

Posted: Thu Sep 05, 2002 5:32 pm
by hob_goblin
definitely thru a form

a form using POST

Code:

<form method="post">
   <input type="text" name="username" />
   <input type="password" name="password" />
   <input type="submit" value="Login" />
</form>

Posted: Thu Sep 05, 2002 7:38 pm
by volka
exactly what I was trying to say ;)
Whatever security layer you're wrapping around a connection (i.e. SSL), there are only three modes defined in HTTP for how users can initiate sending data to the server (GET, POST, PUT).

Posted: Fri Sep 06, 2002 1:51 am
by twigletmac
I think some people were forgetting the most basic step - the user has to tell you their username and password otherwise even the most paranoid checking mechanism is fairly useless... :lol:

Mac

Posted: Fri Sep 06, 2002 3:30 am
by volka
the most secure website is the one not connected to the net :D

Posted: Fri Sep 06, 2002 4:22 am
by m3mn0n
...lol

it wouldn't be a real "web" site now, would it ;)

Posted: Fri Sep 06, 2002 9:41 am
by phice
hob_goblin wrote: definitely thru a form

a form using POST

Code:

<form method="post">
   <input type="text" name="username" />
   <input type="password" name="password" />
   <input type="submit" value="Login" />
</form>

What's the use of the trailing (/) at the end of each input?

Posted: Fri Sep 06, 2002 9:45 am
by Aaron
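Why don't you just create a cookie that's checked in the header:

Code:

// escape the cookie values before they go into the query
$username = mysql_real_escape_string($HTTP_COOKIE_VARS['username']);
$password = mysql_real_escape_string($HTTP_COOKIE_VARS['password']);
$StrSQL = "SELECT * FROM unz_users WHERE username = '$username' AND password = '$password'";
$StrResult = mysql_query($StrSQL);

// fetch the matching row (false when nothing matched) and read its rank
$row = mysql_fetch_assoc($StrResult);
$rank = $row['rank'];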

then in the page you want to be protected

Code:

if (mysql_num_rows($StrResult) <= 0)

{echo "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\">
  <tr> ......} else {}

use md5() or crypt() to cover your password string

Posted: Fri Sep 06, 2002 10:32 am
by creata
every time you handle a password you should use the md5 or crypt function...

see the example below:
********
<?php
// MD5 digest of the string "hello"
$md5 = md5("hello");
echo $md5 . "<br>\n";
// crypt() of the same string with the two-character salt "xx"
$password = "hello";
$pass = crypt($password, "xx");
echo $pass;
?>
********

Posted: Fri Sep 06, 2002 11:09 am
by twigletmac
phice wrote:
hob_goblin wrote: definitely thru a form

a form using POST

Code:

<form method="post">
   <input type="text" name="username" />
   <input type="password" name="password" />
   <input type="submit" value="Login" />
</form>

What's the use of the trailing (/) at the end of each input?

It's XHTML as opposed to HTML. In XHTML (which is the latest version of HTML) all tags have to be closed either with a specific closing tag:

Code:

<p>Text</p>

or with a closing slash inside the tag:

Code:

<img src="blah.gif" width="x" height="y" />
<br />
<hr />

All attributes have to be in double quotes and everything has to be in lowercase as well.

Mac

Re: Login!

Posted: Fri Sep 06, 2002 12:38 pm
by Fallen_Angel

Code:

// sets cookies mmmmmm cookies....................
  // I think to check them both it is && but I am not sure!
  // so if it works it checks for username and password
  // and if there is no user / pass make set user and password!
if (!$HTTP_COOKIE_VARS['username'] && !$HTTP_COOKIE_VARS['password'])
  {
  setcookie("username", $user, time() + 3600); // set by cookie name stran time
  setcookie("password", $pass, time() + 3600);
}
else {
// now check to see if user and password are real if not then comeback
// with nothing!
// escape the cookie values before they go into the query
$safeuser = mysql_real_escape_string($HTTP_COOKIE_VARS['username']);
$safepass = mysql_real_escape_string($HTTP_COOKIE_VARS['password']);
$StrSQL = "SELECT * FROM unz_users WHERE username = '$safeuser' AND password = '$safepass'";
$StrResult = mysql_query($StrSQL);
$row = mysql_fetch_assoc($StrResult);
}
// get user and password from cookies that are set!
// htmlspecialchars() keeps markup in the cookie value from being rendered
$usercoo=htmlspecialchars($HTTP_COOKIE_VARS['username']);
$passcoo=$HTTP_COOKIE_VARS['password'];
$passcoo=md5($passcoo);
print "welcome $usercoo your password is $passcoo (encrypted)";

Remember a newbie coded this!!!!!!!
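
The login check discussed in this thread, as an added example that is not part of any post: the POSTed form fields are checked with a PDO prepared statement, the stored value is a password_hash() digest verified with password_verify() (swapped in here for the md5()/crypt() calls above), and only the user's identity is kept server-side in the session instead of putting the password in a cookie. The users table, its columns, the function names, the in-memory SQLite database and the sample account are assumptions made for the example.

```php
<?php
// Added example, not code from any poster in this thread.
// Assumed schema: users(username, password_hash, rank); the account below is constructed.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT, rank INTEGER)');
    // Store only a salted, slow hash of the password, never the password itself.
    $db->prepare('INSERT INTO users VALUES (?, ?, ?)')
       ->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT), 2]);
    return $db;
}

// Returns ['username' => ..., 'rank' => ...] on success, null on any failure.
function check_login(PDO $db, string $username, string $password): ?array {
    // The placeholder keeps the value out of the SQL text, so a quote in it is just data.
    $stmt = $db->prepare('SELECT username, password_hash, rank FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return ['username' => $row['username'], 'rank' => (int) $row['rank']];
}

// Handles the fields of the POSTed login form; $session stands in for $_SESSION.
function handle_login(PDO $db, array $post, array &$session): string {
    $user = check_login($db, (string) ($post['username'] ?? ''), (string) ($post['password'] ?? ''));
    if ($user === null) {
        return 'Login failed';   // same message for unknown user and wrong password
    }
    // In a real request, call session_regenerate_id(true) here. Only the identity
    // goes into the session; the browser's cookie holds a random session id.
    $session['username'] = $user['username'];
    $session['rank'] = $user['rank'];
    return 'Welcome ' . htmlspecialchars($user['username'], ENT_QUOTES);
}

$db = open_demo_db();
$session = [];
echo handle_login($db, ['username' => "o'neil", 'password' => 'correct horse'], $session), "\n";
echo handle_login($db, ['username' => "o'neil", 'password' => 'hello'], $session), "\n";
echo handle_login($db, ['username' => 'nobody', 'password' => 'x'], $session), "\n";
```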