  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Posts
    61

    Simple login form

    Recently we have been working hard to update all our code so it is more with today's age rather than 5 years ago.

    We are redoing our login form now and I am guessing this must be one of the most important parts, so I thought I would ask for a bit of advice on this.

    The way our login form works is: you log in, it takes you to the index.php page, and then on every page it takes you to from then on there is a ?login="user login"&password="user's password" in the URL bar. We really need to work around having this here.

    Here is our login form

    Code:
    <form action="/members/index.php" method="post">
      <p>
        <center>
          <font size="2" face="Courier New, Courier, mono"><strong>Log In</strong></font>
        </center>
      <table>
        <tr>
          <td><div align="right"><font size="2" face="Courier New, Courier, mono">Login:</font></div></td>
          <td><font size="2" face="Courier New, Courier, mono">
            <input class="textbox" type="text" name="login" size="12" maxlength="20">
          </font></td>
        </tr>
        <tr>
          <td><div align="right"><font size="2" face="Courier New, Courier, mono">Password:</font></div></td>
          <td><font size="2" face="Courier New, Courier, mono">
            <input name="password" type="password" class="textbox" id="password" size="12" maxlength="20">
          </font></td>
        </tr>
      </table>
      <div align="center"><font size="2" face="Courier New, Courier, mono">
        <input name="submit" type="submit" value="Login">
      </font></div>
    </form></td>
    </tr>
    </table>

    Code of the page it takes you to.

    PHP Code:
    <?php
    // Strips <, >, ' and " from a value; this is the only input filtering the page does.
    function secure($input) {
        $input = str_replace("<", "", $input);
        $input = str_replace(">", "", $input);
        $input = str_replace("'", "", $input);
        $input = str_replace('"', '', $input);
        return $input;
    }

    include("config.php");
    $login = secure($get_userinfo['login']);
    $password = secure($get_userinfo['password']);
    ?>
    <?php

    // The query is built by string interpolation and compares the stored password directly.
    $result = mysql_query("SELECT * FROM promoters WHERE login = '$login' AND password = '$password'");
    $get_userinfo = @mysql_fetch_array($result);

    $uid = secure($get_userinfo['id']);
    $udblogin = secure($get_userinfo['login']);
    $udbpass = secure($get_userinfo['password']);

    if ($udblogin == "" AND $udbpass == "" OR $udbpass == "") {
        echo "Wrong Password/Username";
    } else {
        if ($del == '1') {
            echo "Your account has been removed for breaking our TOS.";
        }
        // (the rest of the page is not shown in the post)
    }

    How would you suggest I change this so it is more safe for our users?

  2. #2
    SitePoint Guru
    Join Date
    Sep 2004
    Posts
    613
    First off - NEVER have your username/password in the URL.

    Secondly, you need to use classes and set up your site differently.
    That code is very ugly ^_^

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Posts
    61
    Secondly, you need to use classes and set up your site differently.
    That code is very ugly ^_^
    Classes? Where can I read about them? How does it need to be set up differently?

    Well, I hired someone to redesign it about a week ago and he more or less changed nothing I asked for, so I thought I'm best off doing this myself.

    Where is a good place to hire programmers that will do a good job?

    Also, are there any good books on PHP and MySQL that I can read? I started reading one the other day, but it sort of didn't explain everything in all that much detail, making it very hard to understand a lot of it.

  4. #4
    SitePoint Wizard REMIYA's Avatar
    Join Date
    May 2005
    Posts
    1,351
    Quote Originally Posted by XpLaYa
    Classes? Where can I read about them? How does it need to be set up differently?
    The PHP Manual has everything you should ever need to know about classes. If you want to know more about classes and OOP, buy yourself a decent Java book.

  5. #5
    SitePoint Enthusiast
    Join Date
    Mar 2005
    Posts
    61
    The PHP Manual has everything you should ever need to know about classes. If you want to know more about classes and OOP, buy yourself a decent Java book.
    Ok, well I guess I'll start reading the PHP manual tomorrow.

    Could anyone give me an example of how I will need to write this?

    Thanks for your time
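
An added example (not from the thread or any of its posters) of one way to write the check post #1 asks about: the query is a prepared statement, the password is compared with `password_verify()` against a stored hash, and later pages rely on the session instead of `?login=&password=` in the URL. The `password_hash` and `del` columns, the `attempt_login()` helper and the in-memory SQLite row are assumptions made so the block runs stand-alone with the PDO SQLite driver.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the user id on success, or null on any failure,
// so the caller can show one generic error without revealing which part was wrong.
function attempt_login(PDO $db, string $login, string $password): ?int
{
    // Prepared statement: the login is bound as data and never spliced into
    // the SQL text, so a quote-stripping helper like secure() is not needed.
    $stmt = $db->prepare('SELECT id, password_hash, del FROM promoters WHERE login = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash (assumed column), not a plaintext password.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    if ((int) $row['del'] === 1) {
        return null; // removed account; the page may show its TOS message here
    }
    return (int) $row['id'];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE promoters (id INTEGER PRIMARY KEY, login TEXT UNIQUE,
           password_hash TEXT, del INTEGER DEFAULT 0)');
$db->prepare('INSERT INTO promoters (login, password_hash) VALUES (?, ?)')
   ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

session_start(); // must run before any output

// On the real page these values come from $_POST['login'] and $_POST['password'].
$uid = attempt_login($db, 'demo', 'correct horse');
if ($uid === null) {
    echo "Wrong Password/Username\n";
} else {
    session_regenerate_id(true); // fresh session id once the user is authenticated
    $_SESSION['uid'] = $uid;     // later pages check this, nothing goes in the URL
    echo "Logged in as user {$uid}\n";
}

// A login containing a quote is treated as ordinary data: no SQL error, no match.
var_dump(attempt_login($db, "o'brien", 'x')); // NULL
```

Every members page then starts with `session_start()` and rejects the request when `$_SESSION['uid']` is not set.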

