I've been programming/scripting casually for a few years now, but have recently just delved into PHP. I've used quite a variety of languages, such as HTML, CSS, JavaScript, Python, VB, C, C++.... the list goes on, so I won't bore you all :p Anyways, I'm by no means an expert in any of these, but I'm somewhat familiar with the syntax.
Anyways, I'm in the process of building a server, so I figured I'd set up a virtual machine while I'm waiting for some parts to come in and whatnot. I'm working out of town, so I'm running Ubuntu 10.04 in VirtualBox, installed Apache2, PHP5, MySQL, all the stuff needed for a web server. I've been working on writing some code to log into the server, and access the pages/files/whatever. It's mostly going to be so I can access files from computers other than those on my network.
I've got the basic scripts all written, and I am able to log in just fine. However, now that I've got the core of the program working, I want to start adding some features. First things first is security, as that's a fairly vital thing. I've decided I'm just going to do a simple MD5 + const_salt, as there's only going to be 3 or 4 people with any access to said server, so it should be plenty adequate. I may add a user_salt if I feel the need to, but that's for later.
Anyways, I've read numerous guides on how to go about doing something like this, but I can't seem to get it to work. I've tried every piece of example code inserted into mine, but it's just not working. So I'm gonna need some help from you guys, if you wouldn't mind.
The way I've got things working right now is VERY messy and just kinda thrown together, but I do plan on cleaning things up once I get this password issue, plus one or two other things worked out. As it stands, the "map" is something like this:
main_login.php -> checklogin.php -> login_success/failure.php -> redirecting.html -> INDEX
As I said, very messy, but I'm gonna fix that later :p
Anyways, I really just have no clue where to go from here. checklogin.php has the majority of the code, and all the information that's relevant, so I'll just post that. An explanation of how to hash the password, or even just copy/pasting and then inserting it yourself would be much appreciated! Hopefully I'm not asking too much of you guys. Remember, it's still in the early stages, and I'm very new to this, so take it easy on me.
Code:
<?php
// Buffer output and start the session before any HTML is sent,
// so that header() and $_SESSION both work.
ob_start();
session_start();
?>
<html>
<body>
<CENTER>
<br><br><br><br>
<?php
$host = "localhost"; // Host name
$username = "USERNAME"; // Mysql username
$password = "PASSWORD"; // Mysql password
$db_name = "login"; // Database name
$tbl_name = "members"; // Table name
// Connect to server and select database
mysql_connect($host, $username, $password) or die ("Could not connect: " . mysql_error());
mysql_select_db($db_name) or die ("Could not select DB: " . mysql_error());
// Define $myusername and $mypassword
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
// Protect from MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql) or die ("Query failed: " . mysql_error());
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
// Register $myusername, $mypassword and redirect to file "login_success.php"
if ($count == 1)
{
    // Store the submitted login values, not the MySQL credentials
    $_SESSION['username'] = $myusername;
    $_SESSION['password'] = $mypassword;
    header("Location: login_success.php");
    exit; // Stop here so nothing else runs after the redirect
}
else
{
    echo "Wrong Username and/or Password.<br />";
    echo "Please hit 'Back' and try again.";
}
ob_end_flush();
?>
</CENTER>
</body>
</html>
- Jesse
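
The hashing step asked about above, as an added example that is not part of the original post: it puts the MD5 + constant salt scheme beside a per-user salted, slow hash checked after a username-only lookup. It assumes PHP 5.5+ (for password_hash) and the pdo_sqlite extension; the in-memory table stands in for the post's members table, and SITE_SALT, the function names and the sample accounts are constructed for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumptions: PHP 5.5+, pdo_sqlite, an in-memory stand-in for `members`.

const SITE_SALT = 'constructed-example-salt'; // constructed value

// The scheme described in the post: MD5 over a constant salt plus the password.
// Every user with the same password gets the same hash, and MD5 is fast to guess against.
function md5_const_salt($password) {
    return md5(SITE_SALT . $password);
}

// Store a user with a random per-user salt and a slow hash (bcrypt by default).
// In MySQL the password column should be VARCHAR(255) to hold the result.
function register_user(PDO $db, $username, $password) {
    $stmt = $db->prepare('INSERT INTO members (username, password) VALUES (?, ?)');
    $stmt->execute(array($username, password_hash($password, PASSWORD_DEFAULT)));
}

// Look the row up by username only, then verify the hash in PHP.
// The password never appears in the SQL, and the query is parameterised.
function check_login(PDO $db, $username, $password) {
    $stmt = $db->prepare('SELECT password FROM members WHERE username = ?');
    $stmt->execute(array($username));
    $hash = $stmt->fetchColumn(); // false when no row matches
    return $hash !== false && password_verify($password, $hash);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample accounts that share one password.
register_user($db, 'alice', 'hunter2');
register_user($db, 'bob', 'hunter2');

// Compare the two schemes for users with the same password.
var_dump(md5_const_salt('hunter2') === md5_const_salt('hunter2'));
$rows = $db->query('SELECT password FROM members')->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows[0] === $rows[1]);

// Correct password, wrong password, unknown user.
var_dump(check_login($db, 'alice', 'hunter2'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, 'nobody', 'hunter2'));
```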