securest login script

17 Replies - 2128 Views - Last Post: 17 October 2008 - 12:39 PM

#1 dreamincodehamza

Posted 25 September 2008 - 06:27 PM

Is this login method or code the most secure against SQL injection or any other possible
unauthorized login?
If not, then please tell me where it is lacking
and what the solution is.

 
<?php
// Strip HTML tags from the submitted values
$name    = strip_tags($_POST['name']);
$pssword = strip_tags($_POST['password']);
// Escape the strings for use in the SQL query
$name    = mysql_escape_string($name);
$pssword = mysql_escape_string($pssword);
$result = mysql_query("select name,password from `loingTable` where name='$name' and password='$pssword'");
if ( mysql_num_rows($result) ) {
    echo 'success';
} else {
    echo 'wrong name and password';
}
?>
<form action="" method="post">
 <input type="text" name="name" /><br />
 <input type="text" name="password" />
 <input type="submit" value="Login" />
</form>



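A version of the login check in the post above that keeps user input out of the SQL text and compares against a password hash, as an added example that is not part of the original post. It assumes PHP 7.1 or later with PDO (the `mysql_*` functions were removed in PHP 7); the in-memory SQLite database, the `openDemoDb()`, `addUser()` and `checkLogin()` helpers and the sample account are constructed, and the `password` column is assumed to hold a `password_hash()` value rather than the plain password.

```php
<?php
// Added example: bound parameters and a password hash instead of escaping.
// Helper names, the SQLite stand-in and the sample accounts are assumptions.

// Hash checked when the user does not exist, so both paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:'); // stand-in for the real MySQL connection
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE loingTable (name TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $db;
}

function addUser(PDO $db, string $name, string $password): void
{
    // Store a salted hash; the plain password never reaches the table.
    $stmt = $db->prepare('INSERT INTO loingTable (name, password) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $name, string $password): bool
{
    // The name is sent as a bound value and is never parsed as SQL text.
    $stmt = $db->prepare('SELECT password FROM loingTable WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH); // unknown user: same cost, same answer
        return false;
    }
    return password_verify($password, $hash);
}

$db = openDemoDb();
addUser($db, "O'Brien", 'it\'s <b>my</b> "pass"'); // constructed account: quotes and tags kept as-is

var_dump(checkLogin($db, "O'Brien", 'it\'s <b>my</b> "pass"')); // exact password
var_dump(checkLogin($db, "O'Brien", 'it\'s my "pass"'));        // what strip_tags() would have made of it
var_dump(checkLogin($db, 'nobody', 'anything'));                 // unknown user
```

Because nothing is escaped or stripped, the name and password are compared exactly as the user typed them.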

Replies To: securest login script

#2 akozlik

Posted 25 September 2008 - 07:41 PM

Yes that looks protected from SQL injection, great job. A lot of people miss out on strip_tags(), let alone mysql_real_escape_string();

Here's a great place to start researching some PHP Security

PHP Security Crash Course

All in all though what you have should be enough to block most basic attempts.

#3 pemcconnell

Posted 26 September 2008 - 01:42 AM

I have a function I put together ages ago which I use on my sites:

// Run a value through every escaping function the server provides
function formatRemoveSQL($value){
	if(function_exists('strip_tags')){
		$value = strip_tags($value);
	}
	if(function_exists('mysql_real_escape_string')){
		$value = mysql_real_escape_string($value);
	}else if(function_exists('mysql_escape_string')){
		$value = mysql_escape_string($value);
	}
	if(function_exists('addslashes')){
		$value = addslashes($value);
	}else{
		$value = str_replace("'", "&acute;", $value);
		$value = str_replace('"', '&quot;', $value);
	}
	return $value;
}



*Note*

I keep the function_exists on as I am always working with different servers, with different versions of PHP. If you are always using the same version of PHP, you could remove these to speed it up slightly.

This post has been edited by pemcconnell: 26 September 2008 - 08:00 AM


#4 akozlik

Posted 26 September 2008 - 07:10 AM

Awesome function. I'm going to add that to my library. Thanks a lot man.

#5 pemcconnell

Posted 26 September 2008 - 07:55 AM

You're welcome :)

#6 dreamincodehamza

Posted 26 September 2008 - 05:02 PM

akozlik
Thanks for the link; I will visit the site for security information.
And is there anything else you would like to suggest apart from that piece of code?

pemcconnell
Please don't mind, but what is so special about these user-made functions?
You are just using the same functions as me, but simply checking
for the existence of the functions before using them.
I really don't think there is anything special in it.
With due respect, please don't mind.

#7 akozlik

Posted 26 September 2008 - 05:43 PM

What makes this function useful is the fact that it does all the escape functions in one function. Rather than calling

$item = mysql_real_escape_string($item);
$item = addslashes($item);
$item = strip_tags($item);
$item = mysql_escape_string($item);

$item2 = mysql_real_escape_string($item2);
$item2 = addslashes($item2);
$item2 = strip_tags($item2);
$item2 = mysql_escape_string($item2);



You can simply call

$item = formatRemoveSQL($item);
$item2 = formatRemoveSQL($item2);



You can tell it's a lot less code to have to write, which makes the script easier to maintain and to read.
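What the stacked calls listed in the post above, and the `formatRemoveSQL()` function earlier in the thread, do to a value before it reaches the table, as an added example that does not come from any poster. `addslashes()` stands in for `mysql_real_escape_string()` and `mysql_escape_string()`, which need the removed `mysql` extension, and `stripslashes()` models the single round of unescaping MySQL applies to a quoted literal in its default SQL mode; `stackedEscape()`, `valueAsStored()` and the sample inputs are constructed.

```php
<?php
// Added example: escaping is not idempotent, so each extra pass changes the data.

function stackedEscape(string $value, int $passes): string
{
    $value = strip_tags($value);        // same first step as formatRemoveSQL()
    for ($i = 0; $i < $passes; $i++) {
        $value = addslashes($value);    // stand-in for one escape call in the chain
    }
    return $value;
}

function valueAsStored(string $escaped): string
{
    // The server undoes exactly one level of backslash escaping in a '...' literal.
    return stripslashes($escaped);
}

// Constructed inputs: an apostrophe, a backslash, text that looks like a tag, plain text.
$samples = ["O'Brien", 'C:\\temp', 'a<b and c>d', 'plain'];

// 1 pass  = a single escape call
// 2 passes = formatRemoveSQL() when the mysql extension is present
// 3 passes = the four calls listed one after another in the post above
foreach ($samples as $input) {
    foreach ([1, 2, 3] as $passes) {
        $stored = valueAsStored(stackedEscape($input, $passes));
        printf("%-12s passes=%d stored=%-16s %s\n", $input, $passes, $stored,
            $stored === $input ? 'unchanged' : 'ALTERED');
    }
}
```

Any row marked ALTERED is a value that would no longer compare equal to what the user typed, which matters for names and passwords checked at login.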

#8 pr4y

Posted 26 September 2008 - 05:55 PM

Very helpful libraries! Thanks for that, I've been looking for something similar to this for some time now.

As far as it seems, that script should be 100% SQL injection proof. Doesn't look like you need to cover much else as far as security goes.

#9 dreamincodehamza

Posted 26 September 2008 - 06:07 PM

According to my knowledge, not every function is 100% fully functional.
If you go to the site php.net, you will see on the front page that
different functions are getting updated day by day because they
are not 100% complete.
So you cannot say that this is foolproof against SQL injection; there is a little bit or
more lacking somewhere. I am not an expert on this, but
mysql_escape string escape not strings, but if you want to know
more about it, then you should visit php.net and search for these
functions in detail.
Hope this will help you a little bit.



I started this topic on secure login, but I have got no help from it.

Everyone is getting help from each other and saying thanks to each other, but my point is still there.

Ooo god, where am I.

#10 pr4y

Posted 26 September 2008 - 06:33 PM

Quote

I started this topic on secure login, but I have got no help from it.

Everyone is getting help from each other and saying thanks to each other, but my point is still there.

Ooo god, where am I.


It seems as though you have a secure login script, which is why you haven't gotten any help... it doesn't seem like anything needs to be changed, but if there is something specific you are wondering about, then ask... but for the most part it seems secure.

#11 dreamincodehamza

Posted 26 September 2008 - 06:37 PM

Looks secure and being secure are quite different statements...
I think I have to go somewhere else for that.


#12 pemcconnell

Posted 01 October 2008 - 06:09 AM

Right I just need to double check something.

In your initial post you asked 'Is this login way or code is securest from sql injection or any other possible?'

akozlik replied quickly with a yes, a compliment and a link to a site where you could read up more if you wanted.

I then added a function to make your code shorter and help you out.

So you have your initial question answered, with added help and advice.

What else could you possibly want from us?

dreamincodehamza said:

i think i have to go somewhere else for that.

This post has been edited by pemcconnell: 01 October 2008 - 06:10 AM


#13 akozlik

Posted 01 October 2008 - 06:22 AM

I'm just going to go ahead and unsubscribe from this thread. Good luck with everything.

#14 dreamincodehamza

Posted 11 October 2008 - 11:43 AM

As you wish, my dear, go wherever you like. But my question is still there.

#15 JBrace1990

Posted 11 October 2008 - 12:48 PM

You are obviously NOT listening to what they're saying. Your script IS secure. When people say it "looks" secure, that means to the best of their knowledge, it is.

Akozlik has that little "Expert" sign under his name for a reason. Maybe you should reread what everyone else has posted, and you'll see that you have indeed gotten an answer to your question.