SitePoint Sponsor

User Tag List

Results 1 to 7 of 7

Threaded View

  1. #1
    SitePoint Guru augathra's Avatar
    Join Date
    Jul 2004
    Location
    united states
    Posts
    826
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Basic Authentication

    I wrote a login system and i'm hoping someone will check it for flaws.

    PHP Code:
    require_once 'includes/common.inc.php';
    require_once 
    'includes/connect.inc.php';
    session_start();
    $action addslashes($_GET['action']);
    if(
    $action == 'logout') {
            
    session_destroy();
    }
    $status '';
    $signin $_POST['signin'];
    if(
    eregi('[~`!@#$%^&*()-+=|\'";:.,?/\\]'$_POST['login'])) {
        
    $invalid '<font color="#FF000"><b>Invalid characters.</b></font>';
    }
    if(!
    $invalid) {
    $login stripslashes($_POST['login']);
    $password addslashes($_POST['password']);
    $password md5($password);

    if(
    $signin) {
        if(empty(
    $login)) {
            
    $status .= '<font color="#FF0000"><b>Empty login, please fill in the text box.</b></font><br>';
            
    $continue false;
        }
        if(empty(
    $_POST['password'])) {
            
    $status .= '<font color="#FF0000"><b>Empty password, please fill in the text box.</b></font><br>';
            
    $continue false;
        }
        if(
    $continue !== false) {
            
    $SELECT "SELECT * FROM users WHERE login = '$login' AND password = '$password' LIMIT 1";
            
    $QUERY mysql_query($SELECT) or die($error);
            if(
    $a mysql_fetch_array($QUERY)) {
                
    $user_id $a['id'];
                if((
    $a['login'] !== $login) && ($a['password'] !== $password)) {
                    
    $session_create false;
                    
    $status .= '<font color="#FF0000"><b>Invalid login/password combination. Please try again.</b></font><br>'
                } else {
                    
    $_SESSION['user_id'] = $user_id;
                    
    Redirect('http://mysite.com/');
                }
            } else {
                
    $status '<font color="#FF0000"><b>Invalid login/password combination. Please try again.</b></font><br>';
            }
        }
    }

    Last edited by augathra; Nov 20, 2004 at 17:51.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •