Results 1 to 3 of 3
Thread: A good secure login script
-
03-12-2003, 07:22 PM #1Red HapGuest
A good Lgin script that I made..It might helpful to some Hosting companies.
<?
$dbusername = "username";
$dbpassword = "password";
$db_name = "database";
// This is the page to show when the user has been logged out
// Page with login form
$login_page = "loginpage";
// Page to show if the user enters an invalid login name or password
$invalidlogin_page = "invalid login page";
//DON'T EDIT ANYTHING BELOW THIS!!!
if ($action == "logout")
{
Setcookie("loginpass","",time() -86400);
Setcookie("loginuser","",time() - 86400);
include($login_page);
exit;
}
else if ($action == "login")
{
if (($username == "") || ($password == ""))
{
include($invalidlogin_page);
exit;
}
else {
//connect
mysql_connect( "localhost", "$dbusername", "$dbpassword") or die( "Unable to connect to server!");
mysql_select_db( "$db_name") or die( "Unable to select database");
//some select queries for registering global variables and verifying user
$query = "SELECT member_id, username, password, status FROM users where username='$username'";
$insert = MYSQL_QUERY($query);
$number = MYSQL_NUMROWS($insert);
if($number != 0) {
$i = 0;
$member_id = mysql_result($insert,$i,"member_id");
$user_db = mysql_result($insert,$i,"username");
$password_db = mysql_result($insert,$i,"password");
$status = mysql_result($insert,$i,"status");
if ($password == $password_db) {
$validuser = "true";
}}
}
}
else
{
if (($HTTP_COOKIE_VARS["loginpass"] == "") || ($HTTP_COOKIE_VARS["loginuser"] == ""))
{
include($login_page);
exit;
}
else if (($HTTP_COOKIE_VARS["loginpass"] != "") || ($HTTP_COOKIE_VARS["loginuser"] != ""))
{
$username = $HTTP_COOKIE_VARS["loginuser"];
$password = $HTTP_COOKIE_VARS["loginpass"];
//connect
mysql_connect( "localhost", "$dbusername", "$dbpassword") or die( "Unable to connect to server!");
mysql_select_db( "$db_name") or die( "Unable to select database");
//some select queries for registering global variables and verifying user
$query = "SELECT member_id, username, password, status FROM users where username='$username'";
$insert = MYSQL_QUERY($query);
$number = MYSQL_NUMROWS($insert);
if($number != 0) {
$i = 0;
$member_id = mysql_result($insert,$i,"member_id");
$user_db = mysql_result($insert,$i,"username");
$password_db = mysql_result($insert,$i,"password");
$status = mysql_result($insert,$i,"status");
if ($password == $password_db) {
$validuser = "true";
}}
}
else
{
include($invalidlogin_page);
exit;
}
}
if ($validuser == "true")
{
Setcookie("loginpass",$password,time() + 86400);
Setcookie("loginuser",$username,time() + 86400);
}
else
{
include($invalidlogin_page);
exit;
}
?>
-
03-13-2003, 04:02 AM #2eHostSpaceGuest
do a http login
-
03-13-2003, 09:46 AM #3XKRGuest
Good, but fairly basic. Not really all that secure, you don't even use md5() stuff.
BTW, This:
if (($username == "") || ($password == ""))
if (!$username || !$password)
Adding a "!" before a variable name states that it doesn't exist.
Bookmarks