Hello,
Does anyone know of an already built and script for user login accounts for download????? Similar to wordpress, except without the blog, just the database creations and local host info. That would be great for me study while I duplicate one on my website.
-Chad-
PHP Login Script Ready To Install and Configure??
Moderator: General Moderators
-
french2080
- Forum Newbie
- Posts: 6
- Joined: Wed Apr 16, 2008 12:34 pm
Re: PHP Login Script Ready To Install and Configure??
Check out my blog at http://www.sambarrow.com.
There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
Re: PHP Login Script Ready To Install and Configure??
It has several security problems:samb0057 wrote:There is an advanced login script on there that includes brute-force protection (user is allowed X login attempts before they are locked out for N minutes).
1. Denial of service by locking out arbitrary accounts
2. User enumeration by specific error messages
3. Unsalted passwords (looks like it at least)
(4. Bad API design, esp. on the escaping mechanisms, but that's more of a subjective sin)
I wouldn't call it "advanced" until there are precautions against the entire (or at least much larger parts of the) attack tree against logins.
-
french2080
- Forum Newbie
- Posts: 6
- Joined: Wed Apr 16, 2008 12:34 pm
Re: PHP Login Script Ready To Install and Configure??
Cool,
I will look at these things and try see if I can figure out the code. It is just ever since I started learning html, and css styling I had an application to work off of, and I was able to pick up the language rather quickly. I am finding it to be a challenge right now using php and understanding all the functions. But again thanks for the link I will try it out and hopefully have a response.
-Chad-
I will look at these things and try see if I can figure out the code. It is just ever since I started learning html, and css styling I had an application to work off of, and I was able to pick up the language rather quickly. I am finding it to be a challenge right now using php and understanding all the functions. But again thanks for the link I will try it out and hopefully have a response.
-Chad-
Re: PHP Login Script Ready To Install and Configure??
Picking up PHP is a bit more difficult then html and css. And more importantly, the consequences of doing something wrong are much much bigger (I'm thinking about security).
A login system is something quite difficult to do well. Many ways to do it wrong (and insecure). I'd be careful in just putting up something on your server and trusting that. I don't know what you're planning to do with it, but it's just a suggestion.
A login system is something quite difficult to do well. Many ways to do it wrong (and insecure). I'd be careful in just putting up something on your server and trusting that. I don't know what you're planning to do with it, but it's just a suggestion.