TradeOn
|
  |
| Joined: 01 Jul 2011 |
| Total Posts: 157 |
|
|
| 24 Jul 2013 12:29 AM |
I'm writing an administrator login, I've tried to rewrite it a few times. If anyone can help me I'd be happy to do something in return.
I promise you won't have to rewrite the entire code, as I have most of it. Just post here or add me on xfire: blorgo or skype: voidia |
Charl3s7
|
  |
| Joined: 07 Dec 2007 |
| Total Posts: 4146 |
|
|
| 24 Jul 2013 12:50 AM |
| LOL I FORGOT YOU EXISTED! ustream.tv/recorded/4875482 |
NVI
|
  |
| Joined: 11 Jan 2009 |
| Total Posts: 4744 |
|
| |
|
| |
|
|
| 24 Jul 2013 01:48 AM |
| its been a long time blip blop |
loleris
|
  |
| Joined: 23 Feb 2009 |
| Total Posts: 1610 |
|
|
| 24 Jul 2013 03:32 AM |
$required = array('username', 'pooword', 'security');
// Loop over field names, make sure each one exists and is not empty
$error = false;
foreach ($required as $field) {
    if (empty($_POST[$field])) {
        $error = true;
    }
}
if (isset($_SESSION['LOGIN_CODE'])) {
    if ($error || strtolower($_SESSION["LOGIN_CODE"]) != strtolower($_POST['security'])) {
        echo "nope";
        unset($_SESSION["LOGIN_CODE"]);
    } else {
        $username = stripslashes($_POST['username']);
        $pooword = stripslashes($_POST['pooword']);
        $username = mysql_real_escape_string($username);
        $pooword = mysql_real_escape_string($pooword);
        $sql = "SELECT * FROM administrators WHERE username='$username' and pooword='$pooword'";
        $result = mysql_query($sql);
        $count = mysql_num_rows($result);

        if ($count == 1) {
            $_SESSION["username"] = $username;
            $_SESSION["pooword"] = $pooword;
            echo "correct";
        } else {
            echo "nope";
            unset($_SESSION["LOGIN_CODE"]);
        }
    }
} else {
    echo "nope";
}
loleris
|
  |
| Joined: 23 Feb 2009 |
| Total Posts: 1610 |
|
|
| 24 Jul 2013 03:32 AM |
| Posting mah current project's login XD |
Charl3s7
|
  |
| Joined: 07 Dec 2007 |
| Total Posts: 4146 |
|
|
| 24 Jul 2013 03:35 AM |
| That's some really unsecure code you got there. |
loleris
|
  |
| Joined: 23 Feb 2009 |
| Total Posts: 1610 |
|
|
| 24 Jul 2013 03:36 AM |
@Charl3s7
You know better. I guess it'd be better if you tell everyone what's the problem. |
loleris
|
  |
| Joined: 23 Feb 2009 |
| Total Posts: 1610 |
|
|
| 24 Jul 2013 03:37 AM |
| Oh yeah, this login also follows with a captcha. |
Charl3s7
|
  |
| Joined: 07 Dec 2007 |
| Total Posts: 4146 |
|
|
| 24 Jul 2013 03:45 AM |
You're not hashing your p-word at all and your query has vulnerabilities.
Learn to code effectively and safely, idiot. |
NVI
|
  |
| Joined: 11 Jan 2009 |
| Total Posts: 4744 |
|
|
| 24 Jul 2013 03:46 AM |
| Omfg. Seriously. Newsflash: mysql_real_escape_string doesn't do all that you think it does. USE PREPARED STATEMENTS. |
|
| 24 Jul 2013 03:47 AM |
> using mysql_* You do realise that's deprecated, right? |
TradeOn
|
  |
| Joined: 01 Jul 2011 |
| Total Posts: 157 |
|
|
| 24 Jul 2013 04:12 AM |
@nvi who you be this is cpi security identify yourself btw my name is bailey e.e |
cntkillme
|
  |
| Joined: 07 Apr 2008 |
| Total Posts: 44956 |
|
|
| 24 Jul 2013 04:37 AM |
loleris, that's disgusting, you are using deprecated MySQL... If you are going to do PHP, at least do it decently. MySQLi or anything not deprecated |
|
| 24 Jul 2013 06:33 AM |
| Why aren't you using the PDO class? @op, hit me up on Skype today and I'll help you out. Skype : aschoate. |
|
| 24 Jul 2013 07:31 AM |
| @loleris What site is that code on? I want to, uh, visit it. |
SN0X
|
  |
| Joined: 24 Oct 2011 |
| Total Posts: 7277 |
|
|
| 24 Jul 2013 08:18 AM |
i am not a web guy, like, i dont know anything web related
but shouldnt u be caching the pass?
AW MAN THIS ISN'T WHERE I PARKED MY CAR |
SN0X
|
  |
| Joined: 24 Oct 2011 |
| Total Posts: 7277 |
|
|
| 24 Jul 2013 08:20 AM |
wait i meant hashing
AW MAN THIS ISN'T WHERE I PARKED MY CAR |
|
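The replies in this thread point at two fixes for the posted login: prepared statements (PDO or MySQLi) instead of escaping, and hashing the password. An added example of both follows; it is not code from any poster in the thread, and the `password_hash` column, the sample account and the in-memory SQLite stand-in database are assumptions.

```php
<?php
// Added example, not the thread's code. Assumed schema: administrators(username, password_hash).
// An in-memory SQLite database stands in for MySQL so the script runs offline;
// for MySQL only the DSN and credentials passed to new PDO(...) change.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE administrators (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Constructed sample account: only the salted hash is stored, never the plaintext.
$insert = $pdo->prepare('INSERT INTO administrators (username, password_hash) VALUES (?, ?)');
$insert->execute(array('admin', password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT)));

function check_admin_login(PDO $pdo, $username, $password)
{
    // Hash that is verified when the user does not exist, so both paths do similar work.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    // Form fields can arrive as arrays (username[]=x); reject anything that is not a string.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    // The username is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM administrators WHERE username = ?');
    $stmt->execute(array($username));
    $stored = $stmt->fetchColumn(); // false when no row matches

    // password_verify() re-derives the hash from the stored salt and compares in constant time.
    $ok = password_verify($password, $stored === false ? $dummyHash : $stored);
    return $ok && $stored !== false;
}

var_dump(check_admin_login($pdo, 'admin', 'constructed-sample-passphrase')); // correct credentials
var_dump(check_admin_login($pdo, 'admin', 'wrong'));                         // wrong password
var_dump(check_admin_login($pdo, "admin' OR '1'='1", 'x'));                  // quotes stay literal data
```

On a successful check, call `session_regenerate_id(true)` and store only the username in `$_SESSION`, not the password as the posted code does.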