Security Review, Please :)
Posted: Fri Nov 03, 2006 5:24 pm
Security Review, Please! 
I am new to PHP (started learning 1 and a half weeks ago) and for experience I made a site (on localhost, not online yet). Users do not register, but it does have an admin that edits content and simple site configuration. If you could review the login code and its security, that'd be great. A few things:
- It isn't done yet. I haven't coded the admin ops yet, so function adminops() is empty.
- Title and other site descriptions are called from a mysql db in mainfile.php
- I am trying to get everything (login, logout, admin functions) all in the admin.php. It is hard because of the setcookie() and header(). Any suggestions?
- The username and pass are base64_encoded. Is this necessary?
- In terms of cleaning everything up... Any suggestions?
Any and all suggestions, criticisms, and comments are welcome!
Thanks!
admin.php

```php
<?php
require_once("mainfile.php");
//////////////////////////////////
//////////////////////////////////
$username = base64_encode("user");
$password = base64_encode("pass");
//////////////////////////////////
//////////////////////////////////
function admin(){
adminhead();
adminindex();
adminops();
}
function adminhead(){
	// These values come from the database (mainfile.php); escape them so stored
	// markup cannot break the page or run as script.
	global $title, $custommsg, $metakeywords, $metadescription;
	$e = function($s){ return htmlspecialchars($s, ENT_QUOTES, 'ISO-8859-1'); };
	echo "<html><head>"
	."<title>".$e($title).": Administration</title>"
	."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />"
	."<meta name=\"Description\" content=\"".$e($metadescription)."\" />"
	."<meta name=\"Keywords\" content=\"".$e($metakeywords)."\" />"
	."<link rel=\"stylesheet\" href=\"style.css\" type=\"text/css\" media=\"screen,projection\" />"
	."</head>"
	."<body>"
	."<div id=\"wrap\">"
	."<a href=\"index.php\" class=\"plain\"><div id=\"header\"><p>".$e($custommsg)."</p></div></a>"
	."<div id=\"navbar\"></div>";
}
function adminindex(){
echo "<div id=\"nav\">"
."<table>"
."<tr>"
."<td><a href=\"admin.php?op=news\"><img src=\"images/news.png\"></a></td>"
."<td><a href=\"admin.php?op=legal\"><img src=\"images/legal.png\"></a></td>"
."<td><a href=\"admin.php?op=about\"><img src=\"images/about.png\"></a></td>"
."<td><a href=\"admin.php?op=contact\"><img src=\"images/contact.png\"></a></td>"
."<td><a href=\"admin.php?op=content\"><img src=\"images/content.png\"></a></td>"
."</tr>"
."<tr>"
."<td><a href=\"admin.php?op=news\">News<br /><br /></a></td>"
."<td><a href=\"admin.php?op=legal\">Legal<br /><br /></a></td>"
."<td><a href=\"admin.php?op=about\">About<br /><br /></a></td>"
."<td><a href=\"admin.php?op=contact\">Contact<br /><br /></a></td>"
."<td><a href=\"admin.php?op=content\">Content<br /><br /></a></td>"
."</tr>"
."<tr>"
."<td><a href=\"admin.php?op=options\"><img src=\"images/options.png\"></a></td>"
."<td><a href=\"admin.php?op=ads\"><img src=\"images/adedit.png\"></a></td>"
."<td><a href=\"logout.php\"><img src=\"images/logout.png\"></a></td>"
."<td> </td>"
."<td> </td>"
."</tr>"
."<tr>"
."<td><a href=\"admin.php?op=options\">Options</a></td>"
."<td><a href=\"admin.php?op=ads\">Adverts</a></td>"
."<td><a href=\"logout.php\">Logout</a></td>"
."<td> </td>"
."<td> </td>"
."</tr>"
."</table>"
."</div>"
."<div id=\"content\"><p><br />Test Content</p></div>";
}
function adminops(){
	// $op is set from $_GET['op'] below (do not rely on register_globals).
	global $op;
	// not finished: dispatch on $op (news, legal, about, contact, content, options, ads) here
}
function loginprmpt(){
echo "<div id=\"content\"><p><br /><font class=\"largep\">Administrator Login:</font>"
."<form class=\"center\" action=\"admin.php\" method=\"post\"><br>Username: "
."<input class=\"regform\" type=\"text\" name=\"username\" size=\"21\"><br /><br />Password: "
."<input class=\"regform\" type=\"password\" name=\"password\" size=\"21\"><br /><br />"
."<input class=\"regbutton\" type=\"submit\" value=\"Submit\" size=\"10\"></form><br /><br /></p>"
."</div>";
}
//////////////////////////////////
//////////////////////////////////
// Read the requested operation and the posted form fields explicitly;
// without isset() PHP raises notices on a plain GET of admin.php.
$op = isset($_GET['op']) ? $_GET['op'] : '';
$posted_user = isset($_POST['username']) ? $_POST['username'] : '';
$posted_pass = isset($_POST['password']) ? $_POST['password'] : '';

// The three original if-blocks overlapped and left gaps (for example a request
// with only one of the two cookies set matched none of them); one chain covers
// every case.
$cookie_ok = isset($_COOKIE['user'], $_COOKIE['pass'])
	&& $_COOKIE['user'] === $username && $_COOKIE['pass'] === $password;

if ($cookie_ok) {
	admin();
} elseif ($posted_user === base64_decode($username) && $posted_pass === base64_decode($password)) {
	// Both fields must match: the original used ||, so a correct username
	// alone (or a correct password alone) was enough to log in.
	// setcookie() has to run before any output, which is why this happens
	// before admin() echoes the page.
	setcookie("user", $username, time()+60*60*24*100, "/");
	setcookie("pass", $password, time()+60*60*24*100, "/");
	admin();
} else {
	include("header.php");
	loginprmpt();
}
//////////////////////////////////
//////////////////////////////////
include("footer.php");
?>
```

logout.php

```php
<?php
// Expire both login cookies (same path as when they were set), then send the
// redirect before any output; exit so nothing runs after the header.
if(isset($_COOKIE['user']) && isset($_COOKIE['pass'])){
	setcookie("user", "", time()-60*60*24*100, "/");
	setcookie("pass", "", time()-60*60*24*100, "/");
}
header("Location: admin.php");
exit;
?>
```
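The post asks whether base64-encoding the credentials is needed and how login, logout and the admin pages can live in one file given setcookie() and header(). The following is an added example written for this review, not the poster's code: a session-based version of admin.php that answers both points. It assumes PHP 7 or later, that mainfile.php, header.php, footer.php and the admin() function exist as in the posted code, and that a hypothetical admin_config.php outside the web root defines ADMIN_USER and ADMIN_PASSWORD_HASH (the hash made once with `php -r 'echo password_hash("pass", PASSWORD_DEFAULT);'`). base64 is an encoding, not a hash: anyone who sees the cookie or the source gets the password back with base64_decode(). The example stores only a bcrypt hash server-side, keeps the browser holding nothing but a session id, and puts every branch that needs a header before any output.

```php
<?php
// Added example (not the original post's code). Assumptions: PHP >= 7;
// mainfile.php, header.php, footer.php and admin() exist as in the post;
// /etc/mysite/admin_config.php (hypothetical path, outside the web root)
// defines ADMIN_USER and ADMIN_PASSWORD_HASH.
require_once("mainfile.php");
require_once("/etc/mysite/admin_config.php");

// Session cookie: HttpOnly keeps JavaScript away from it; set 'secure' to
// true once the site is served over HTTPS.
session_set_cookie_params(0, "/", "", false, true);
session_start();

function is_logged_in() {
    return !empty($_SESSION['admin']);
}

// hash_equals() for the username (constant time) and password_verify()
// for the password: no plaintext or reversible encoding anywhere.
function check_login($user, $pass) {
    return hash_equals(ADMIN_USER, $user) && password_verify($pass, ADMIN_PASSWORD_HASH);
}

// Per-session anti-CSRF token carried in the login form.
function csrf_token() {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['csrf'];
}

function csrf_ok() {
    return isset($_POST['csrf'], $_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $_POST['csrf']);
}

function login_form() {
    $tok = htmlspecialchars(csrf_token(), ENT_QUOTES, 'ISO-8859-1');
    echo "<div id=\"content\"><p><br /><font class=\"largep\">Administrator Login:</font>"
        ."<form class=\"center\" action=\"admin.php\" method=\"post\">"
        ."<input type=\"hidden\" name=\"csrf\" value=\"$tok\"><br>Username: "
        ."<input class=\"regform\" type=\"text\" name=\"username\" size=\"21\"><br /><br />Password: "
        ."<input class=\"regform\" type=\"password\" name=\"password\" size=\"21\"><br /><br />"
        ."<input class=\"regbutton\" type=\"submit\" value=\"Submit\"></form></p></div>";
}

$op = isset($_GET['op']) ? $_GET['op'] : '';

// Logout lives in the same file: everything below that calls header() or
// setcookie() runs before the first echo, so no "headers already sent".
if ($op === 'logout') {
    $_SESSION = array();
    $p = session_get_cookie_params();
    setcookie(session_name(), "", time() - 3600, $p["path"], $p["domain"], $p["secure"], $p["httponly"]);
    session_destroy();
    header("Location: admin.php");
    exit;
}

if (!is_logged_in() && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';
    if (csrf_ok() && check_login($user, $pass)) {
        session_regenerate_id(true);   // fresh id after the privilege change
        $_SESSION['admin'] = true;
        header("Location: admin.php"); // redirect so a reload does not resubmit
        exit;
    }
    sleep(1); // slows online guessing; lockout and logging are still wanted
}

if (is_logged_in()) {
    admin();          // adminops() can read $op via global as in the post
} else {
    include("header.php");
    login_form();
}
include("footer.php");
```

The "Logout" link in the admin navigation then points at admin.php?op=logout instead of a separate logout.php. The hash lives in a file the web server cannot serve, so a source disclosure (a backup copy of admin.php, for instance) no longer hands out the password, and a stolen session id expires with the browser session rather than lasting 100 days.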