Can someone please tell me if this is safe then maybe suggest ways to make it safer?
The function Encode is using md5(sha1()); for protection.
Code:
<?php
// Encode() (md5(sha1())) and $logged are defined elsewhere on the site.
// Uses the legacy mysql_* extension (removed in PHP 7).

// Not logged in and no form submitted yet: show the login form.
if (!isset($_SESSION['logged_in']) && empty($logged['username']) && empty($_POST['login'])) {
    echo "<form method='post' action='index.php?x=login'>
    <b>Username</b>:<br />
    <input type='text' name='user' size='15'><br />
    <b>Password</b>:<br />
    <input type='password' name='pass' size='15'><br />
    <input type='submit' name='login' value='Login'>
    </form>";

// Not logged in and the form was submitted: check the credentials.
} elseif (!isset($_SESSION['logged_in']) && empty($logged['username']) && !empty($_POST['login'])) {
    $user = mysql_real_escape_string(stripslashes($_POST['user']));
    $pass = Encode(stripslashes($_POST['pass']));

    // Test the raw password: the hash returned by Encode() is never empty.
    if (empty($user) || empty($_POST['pass'])) {
        echo "<B>Error</b>: You Left A Field Blank";
    } else {
        // Only run the query when both fields were filled in.
        $check = mysql_query("SELECT id, username, password FROM users WHERE username = '$user' AND PASS = '$pass' LIMIT 1");
        if (mysql_num_rows($check) > 0) {
            $_SESSION['logged_in'] = "1";
            $_SESSION['user'] = $user;
            $_SESSION['pass'] = $pass;
            echo "You Have Been Logged In Successfully <meta http-equiv=\"Refresh\" content=\"4;url= index.php?x=cp\">";
        } else {
            echo "<b>Error</b>: Invalid Password, Or user Does Not Exist.";
        }
    }

// Already logged in.
} elseif (isset($_SESSION['logged_in']) && !empty($logged['username'])) {
    echo "<b>Error</b> You Are Already Logged In.<meta http-equiv=\"Refresh\" content=\"4;url= index.php?x=cp\">";
}
?>


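A hardened version of the login check in the question, as an added example that is not part of the original post: it replaces md5(sha1()) with PHP's password_hash()/password_verify() and the mysql_* string query with a PDO prepared statement. The in-memory SQLite table, the register() and login() helper names and the sample account are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the post's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');

// Registration side (hypothetical helper): store a salted, slow hash, not md5(sha1($pass)).
function register(PDO $db, string $user, string $pass): void
{
    $stmt = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

// Login side (hypothetical helper): look the user up with a bound parameter, verify in PHP.
function login(PDO $db, string $user, string $pass): bool
{
    if ($user === '' || $pass === '') {
        return false;                        // stop here instead of falling through to the query
    }
    $stmt = $db->prepare('SELECT id, username, password FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: verify against a dummy hash so both paths do the same amount of work.
    static $dummy = null;
    $dummy ??= password_hash('constructed-dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['password'] : $dummy);
    if (!$row || !$ok) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);         // fresh session id once the user is authenticated
        $_SESSION['logged_in'] = true;
        $_SESSION['user_id'] = (int) $row['id']; // the password hash stays out of the session
    }
    return true;
}

register($db, 'alice', 'correct horse');     // constructed sample account
var_dump(login($db, 'alice', 'correct horse'));
var_dump(login($db, 'alice', 'wrong guess'));
var_dump(login($db, "o'brien", 'anything')); // the quote is bound as data, never parsed as SQL
```

Because the hash is compared in PHP rather than in the WHERE clause, each stored password can carry its own salt and cost, and password_needs_rehash() can later upgrade old hashes at login time.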

