Is this login script I wrote secure.
Posted: Wed Jul 27, 2005 2:47 pm
I was wondering if this script was secure?
#index.php
__________________________
#verify.php
_____________________
#login.php
______________________________
#logout.php
_______________________________
#passwd.txt
admin:a5c654594:653hjdayu252c996bd6fdda43afe63ba189er354
JCART | Please use
#index.php
Code: Select all
<?php
include(\"verify.php\");
?>#verify.php
Code: Select all
<?php
session_start();
if ($_SESSION['admin'] != 1)
{
function validate($user, $password)
{
$list = file('passwd.txt');
$key = 0;
foreach ($list as $search)
{
$data = explode(\":\", $search);
if (in_array($user, $data))
{
break;
}
$key++;
}
if (array_key_exists($key, $list))
{
$userList = $data[0];
$salt = $data[1];
$hash = trim($data[2]);
$password = sha1($salt . $password);
if ($hash == $password)
{
$_SESSION['admin'] = '1';
header(\"Location: /\");
} else {
$_SESSION['errorlevel'] = 2;
header(\"Location: /\");
}
} else {
$_SESSION['errorlevel'] = 1;
header(\"Location: /\");
}
}
if (isset($_POST['username']) && isset($_POST['password']))
{
validate($_POST['username'], $_POST['password']);
} else {
include('login.php');
}
} else {
if ($_GET['logout'] == 1)
{
include(\"logout.php\");
header(\"Location: /\");
} else {
print(\"Logged in<br>\");
print(\"<a href=\\"/?logout=1\\">Log Out</a>\");
}
}
?>#login.php
Code: Select all
<html>
<head>
<title>
Log In
</title>
</head>
<body>
<?php
switch ($_SESSION['errorlevel']) {
case 1:
print(\"Invalid Username. Please try again.\");
break;
case 2:
print(\"Invalid Password. Please try again.\");
break;
default:
print(\"Please type a username and a password.\");
break;
}
?>
<form name=login action=\"index.php\" method=\"POST\">
Username:
<input type=\"text\" name=\"username\">
<br>
Password:
<input type=\"password\" name=\"password\">
<input type=\"submit\" value=\"Log-In\">
</form>
</body>
</html>#logout.php
Code: Select all
<?php
session_destroy();
?>#passwd.txt
admin:a5c654594:653hjdayu252c996bd6fdda43afe63ba189er354
JCART | Please use
Code: Select all
tags when posting php code. Review [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]