  1. #1
    SitePoint Member
    Join Date
    Jan 2009
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Is anything wrong with this super easy authentication?

    It is a simple app where one user has to be the admin.

    Would this be sufficient? Or is it exposed to some risks and easy to hack/reveal login/pass info?

    Part of process.php...

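    // $_SESSION is only usable once the session has been started
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }

    // Only act when the login form was submitted
    if (isset($_POST['submit'])) {
        $login = $_POST['login'] ?? '';
        $pass  = $_POST['pass'] ?? '';

        // Strict comparison against the hard-coded admin credentials
        if ($login === "A" && $pass === "Z") {
            $_SESSION['code'] = "testcode";
        }
    }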

  2. #2
    SitePoint Guru
    Join Date
    Jun 2006
    Posts
    638
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use the htaccess password for something like this...

  3. #3
    AnthonySterling (Twitter: @AnthonySterling)
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    Although it's very rudimentary, even the most complicated authentication models out there perform the same logic, I'd say it's fine.

    Of course, you'd not want to be using A + Z to authenticate.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  4. #4
    Web Professional
    Join Date
    Oct 2008
    Location
    London
    Posts
    862
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by SilverBulletUK:
    Although it's very rudimentary, even the most complicated authentication models out there perform the same logic, I'd say it's fine.
    Agreed. If it's a super-easy auth for a super-simple app then it's fine.

  5. #5
    SitePoint Member
    Join Date
    Jan 2009
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Awesome, thanks guys! Of course I'm not going to use A and Z, come on :-) I'll use "login" and "password" LOL

  6. #6
    SitePoint Member vpsville
    Join Date
    Feb 2008
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    As long as that's the actual code, you're fine.

    You need to be careful if you do anything with the $_POST variables without sanitizing them, like before passing them to a database or as a parameter to a function that might use the database.

    A simple compare like you're doing is fine.
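
Added example (not code from any poster in this thread): one way to harden the hard-coded check from post #1, going beyond what the replies suggest. It keeps a password hash instead of the plaintext in the source, rejects non-string fields, and issues a new session id on login; the login name, password, session key and function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Names and credentials are constructed.
declare(strict_types=1);

// In a real deployment, generate the hash once and keep only the hash in the
// source or config; it is computed here so the example runs stand-alone.
const ADMIN_LOGIN = 'admin';                                   // constructed value
$adminHash = password_hash('constructed-example-pass', PASSWORD_DEFAULT);

/** True only if both submitted fields are strings matching the admin credentials. */
function check_admin_login(array $post, string $login, string $hash): bool
{
    $user = $post['login'] ?? null;
    $pass = $post['pass'] ?? null;
    // A body such as login[]=x makes PHP deliver an array; accept strings only.
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // Evaluate both checks so timing does not reveal which field was wrong.
    $userOk = hash_equals($login, $user);
    $passOk = password_verify($pass, $hash);
    return $userOk && $passOk;
}

/** What process.php would call on success: fresh session id, then the flag. */
function mark_logged_in(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    session_regenerate_id(true);    // discard any session id issued before login
    $_SESSION['is_admin'] = true;   // hypothetical key, replaces 'code' => 'testcode'
}

// Constructed requests standing in for $_POST.
$samples = [
    'correct'        => ['login' => 'admin', 'pass' => 'constructed-example-pass'],
    'wrong password' => ['login' => 'admin', 'pass' => 'password'],
    'array field'    => ['login' => ['admin'], 'pass' => 'constructed-example-pass'],
    'missing field'  => ['login' => 'admin'],
];
foreach ($samples as $label => $post) {
    $ok = check_admin_login($post, ADMIN_LOGIN, $adminHash);
    printf("%-15s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

In process.php the handler would call `mark_logged_in()` only when `check_admin_login($_POST, ADMIN_LOGIN, $adminHash)` returns true.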

