Login script

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

No, my example uses MySQL's MD5 function, yours uses PHP's and it won't be correct for passwords containing SQL metacharacters. Use my example, or correct the PHP code accordingly.

Search google for "session fixation" (even Wikipedia has an article on it). Regenerating the session id is a countermeasure against it.
Mirux
Forum Commoner
Posts: 29
Joined: Sun May 13, 2007 7:11 pm

Post by Mirux »

Well, this is what you mean?

Code: Select all

<? session_start(); ?>
<?php
include ("variables.php");
function Login($myusername, $mypassword){
	global $connect, $mtable, $msg;
	$myusername= mysql_real_escape_string($myusername);
	$mypassword= mysql_real_escape_string($mypassword);
	$query= "SELECT * FROM $mtable WHERE name='$myusername' AND pw=MD5($mypassword)";
	$result= mysql_query($query);
	$num= mysql_num_rows($result);
	$row= mysql_fetch_array($result);
	if ($num != 1){
	die ($msg['login.error']);
	}
	else
	{
		if (!isset($_POST['checkbox'])){
		$_SESSION['myusername']= $row['name'];
		$_SESSION['mypassword']= $row['pw'];
		}
		else{
		setcookie("myusername", $row['name'], time()+604800);
		setcookie("mypassword", $row['pw'], time()+604800);
		$_SESSION['myusername']= $row['name'];
		$_SESSION['mypassword']= $row['pw'];
		}
		
	}
}
if (isset($_POST['submit'])){
	if (!$_POST['myusername'] || !$_POST['mypassword']){
		die ($msg['login.noinfo']);
	}
	else{
			Login($_POST['myusername'], $_POST['mypassword']);
			die ($msg['login.in']);
		}
		
	}
?>
<head>
<link rel='stylesheet' type='text/css' href='style.css'>
</head>
<table width='150' border='0' align='center' cellpadding='0' cellspacing='1' bgcolor='#CCCCCC'>
<tr>
<form name='form1' method='POST'>
<td>
<table width='100%' border='0' cellpadding='3' cellspacing='1' bgcolor='#FFFFFF'>
<tr>
<td colspan='3'><b>Member Login </b></td>
</tr>
<tr>
<td width='78'>Username</td>
<td width='6'>:</td>
<td width='300'><input name='myusername' type='text' maxlength='30'></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name='mypassword' type='password'></td>
</tr>
<td><input type='submit' name='submit' value='Login'></td>
<td></td>
<td><input type='checkbox' name='checkbox'> Remember me</td>
</tr>
</table>
</form>
</table>
The cookie part is not working well, I gotta fix it soon. But check out the MD5 part and the query which is the important.
Post Reply