Re: Login/Register security!
Posted: Thu Jun 04, 2009 10:47 am
Will this login will be secure enough?
Yes, I know there is no md5. I just don't need it.
Yes, I know there is no md5. I just don't need it.
Code: Select all
<?PHP
include("connect.php");
include("vars.php");
if(isset($_POST['login']))
{
//If password field and username field is not completed give error and exit script. It could like below. I think it is correct.
if (!$_POST['username'] | !$_POST['pass']) {
echo $topregister;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>We warned you. Did we not? Complete all of the required fields. <a href='javascript:self.history.back();'>Return</a>.</td></tr></table>";
echo $bottoml; echo $323; echo $bottomr;
exit();
}
//Now if they are filled in check it against db.
// Assign the username and password from the form to variables.
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['pass']);
$sql= mysql_query("SELECT * FROM `ach_users` WHERE `username`='$username' AND `password`='$password'",$connect);
$result=$sql;
// This counts to see how many rows were found, there should be no more than 1
$count=mysql_num_rows($result);
if($count!=1){
echo $toplogin;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: The password or username which you enetered is wrong. <a href='javascript:self.history.back();'>Return</a>.";
echo $bottoml; echo $323; echo $bottomr;
exit();
}
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['pass']);
$active=1;
$check = mysql_query("SELECT * FROM `ach_users` WHERE `username`='$username' AND `password`='$password' AND `active`='$active'",$connect);
$result1 = $check;
$check2 = mysql_num_rows($result1);
if($check2!=0)
{
echo $toplogin;
echo "<table width='323' class='toutborder' cellspacing='2' cellpadding='2'><tr width='100%'><td class='tinborder' align='center' width='10%'>Error: Your account is suspened, you can't log in anymore. <a href='javascript:self.history.back();'>Return</a>.";
echo $bottoml; echo $323; echo $bottomr;
exit();
}
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['pass']);
list($check7) = mysql_fetch_row(mysql_query("SELECT `group` FROM `ach_users` WHERE `username`='$username' AND `password`='$password'",$connect));
$result7 = $check7;
if($result7!=1)
{
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$username = $_POST['username'];
list($check8) = mysql_fetch_row(mysql_query("SELECT `id` FROM `ach_users` WHERE `username`='$username'",$connect));
$id = $check8;
$update = mysql_query("UPDATE `ach_users` SET `lastlogin`=NOW() ,`ip`='$ip' WHERE `id`='$id'",$connect);
session_start();
$_SESSION['ach_login'] = "1";
$_SESSION['ach_group'] = "2";
$_SESSION['ach_username'] = $_POST['username'];
header("location:/ach/view_ach.php");
}
else
{
$ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
$username = $_POST['username'];
list($check8) = mysql_fetch_row(mysql_query("SELECT `id` FROM `ach_users` WHERE `username`='$username'",$connect));
$id = $check8;
$update = mysql_query("UPDATE `ach_users` SET `lastlogin`=NOW() ,`ip`='$ip' WHERE `id`='$id'",$connect);
session_start();
$_SESSION['ach_login'] = "1";
$_SESSION['ach_group'] = "1";
$_SESSION['ach_username'] = $_POST['username'];
header("location:/ach/view_ach.php");
}
}
else
{
echo $toplogin;
echo "<form action='" . $_POST['PHP_SELF'] . "' method='post'>
<table width='323' class='toutborder' cellspacing='2' cellpadding='2'>
<tr width='100%'>
<td class='tinborder' algin='center' width='40%'>Username:</td>
<td class='trstyle' align='center' width='60%'><input type='text' name='username'></td>
</tr>
<tr width='100%'>
<td class='tinborder' algin='center' width='40%'>Password:</td>
<td class='trstyle' align='center' width='60%'><input type='password' name='pass'/></td>
</tr>
<tr width='100%'>
<td class='tinborder' algin='center' width='40%'>Remember:</td>
<td class='trstyle' align='center' width='60%'><input type='checkbox' name='remember'/></td>
</tr>
<tr>
<td colspan='2' align='center' class='trstyle'><input type='submit' name='login' value='Log In!'></td>
</tr>
</table>
</form>";
echo $bottoml; echo $323; echo $bottomr;
}
?>