Can Security Be Tightened on my code please?
Hi, can security be tightened on my code, please help, thank you.
PHP Code:
<?php
error_reporting(E_ALL);
include("config.php");
if (!$logged['username'])
{
    if ( !isset($_POST['login']) || !$_POST['login'] )
    {
        echo("
        <center><form method=\"POST\">
        <table>
        <tr>
        <td align=\"right\">
        Username: <input type=\"text\" size=\"15\" maxlength=\"25\" name=\"username\">
        </td>
        </tr>
        <tr>
        <td align=\"right\">
        Password: <input type=\"password\" size=\"15\" maxlength=\"25\" name=\"password\">
        </td></tr><tr>
        <td align=\"center\">
        <input type=\"submit\" name=\"login\" value=\"Login\">
        </td></tr><tr>
        <td align=\"center\">
        <a href=\"register.php\">Register Here</a>
        </td></tr></table></form></center>");
    }
    if(!empty($_POST['login'])) {
        //if ($_POST['login']) {
        // the form has been submitted. We continue...
        $username=$_POST['username'];
        $password = md5($_POST['password']);
        // the above lines set variables with the submitted information.
        $info = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
        $data = mysql_fetch_array($info);
        if($data['password'] != $password) {
            // the password was not the user's password!
            echo "Incorrect username or password!";
        }else{
            // the password was right!
            $query = mysql_query("SELECT * FROM users WHERE username = '$username'") or die(mysql_error());
            $user = mysql_fetch_array($query);
            // gets the user's information
            setcookie("id", $user['id'],time()+(60*60*24*5), "/", "");
            setcookie("pass", $user['password'],time()+(60*60*24*5), "/", "");
            // the above lines set 2 cookies. 1 with the user's id and another with his/her password.
            header("Location: account.php");
        }
    }
}
else
{
    header("Location: account.php");
}
?>
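
A hardened form of the login check above, as an added example that is not part of the original post: the username is bound in a prepared statement, the password is checked with password_verify() instead of comparing md5() output, and the browser receives only a session id rather than the `pass` cookie. It assumes PDO (an in-memory SQLite database with one constructed user stands in for the real one) and that `users.password` stores password_hash() output; the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.
// Assumes PDO and that users.password holds password_hash() output, not md5().

function attempt_login(PDO $db, string $username, string $password): ?int
{
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still verify against a dummy hash so both failure paths
    // do the same work and return the same answer.
    $hash = $row ? $row['password'] : password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $hash);
    return ($row && $ok) ? (int) $row['id'] : null;
}

function start_user_session(int $userId): void
{
    // The browser gets an opaque session id only; the hash stays server-side.
    // 'secure' => true assumes the site is served over HTTPS.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true); // fresh id at login prevents session fixation
    $_SESSION['user_id'] = $userId;
}

// In the login page, the success branch would become:
//   start_user_session($id); header('Location: account.php'); exit;
// and database errors would be logged, not shown with die(mysql_error()).

// Constructed demo: in-memory SQLite with one made-up user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$attempts = [ // constructed inputs
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["o'brien", 'x'],   // the quote is treated as data by the bound parameter
    ['nobody', 'x'],
];
foreach ($attempts as [$u, $p]) {
    $id = attempt_login($db, $u, $p);
    echo $u, ' => ', $id === null ? 'Incorrect username or password!' : "user id $id", "\n";
}
```

Existing rows that hold md5() values cannot be checked with password_verify(); those accounts need their passwords reset or re-hashed at the next successful login.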